Windows Analysis Report
bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe

Overview

General Information

Sample name: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
Analysis ID: 1430904
MD5: e6c05234f5ead39c58592299df449249
SHA1: ccc93386e293eb1ab7d7d274686b6e480bf833ae
SHA256: fb522c0f319128643c4393ce688ab4f2ad0cda0145cc405f8d631d1b36fb9782

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 46
Range: 0 - 100

Signatures

Deletes itself after installation
Enables network access during safeboot for specific services
Installs new ROOT certificates
Tries to harvest and steal browser information (history, passwords, etc)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" MD5: E6C05234F5EAD39C58592299DF449249)
    • cmd.exe (PID: 7136 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\start.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • spinner.exe (PID: 6352 cmdline: "C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe" --instance-id $SPIN_INSTANCE --icofile $SPIN_ICON MD5: 7C289584808ECDA09710B49BD7CE8D54)
    • bomgar-scc.exe (PID: 4428 cmdline: "C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer-pwd "C:\Users\user\Desktop" MD5: B248920D9FCF8A0CFE21004D62645F65)
      • bomgar-scc.exe (PID: 7112 cmdline: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe -install2 C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\ C:\ProgramData\bomgar-scc-0x6628c8bd\ --installer-pwd C:\Users\user\Desktop MD5: B248920D9FCF8A0CFE21004D62645F65)
        • bomgar-scc.exe (PID: 736 cmdline: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -proxydetect MD5: B248920D9FCF8A0CFE21004D62645F65)
        • bomgar-scc.exe (PID: 6352 cmdline: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -elevate silent MD5: B248920D9FCF8A0CFE21004D62645F65)
  • bomgar-scc.exe (PID: 2716 cmdline: "C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -service:run MD5: B248920D9FCF8A0CFE21004D62645F65)
    • bomgar-scc.exe (PID: 7064 cmdline: "C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -drone MD5: B248920D9FCF8A0CFE21004D62645F65)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: cp, EventID: 13, EventType: SetValue, Image: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe, ProcessId: 2716, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{48b0aa89-55d1-4609-993a-72383ad18ed2}\(Default)
No Snort rule has matched

Compliance

Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Static PE information: certificate valid
Source: Binary string: cp-x64.pdb source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: embedhook-x64.pdb source: bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1729657670.000001C6D41B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bomgar-scc-x64.pdbe source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000000.1668567828.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000002.1737529920.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000000.1676950910.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000000.1690083390.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1716344083.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1722122428.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1736402844.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1751380023.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x86.pdb source: bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1728543049.000001C6D41B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: embedhook-x86.pdb source: bomgar-scc.exe, 00000005.00000003.1719669097.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1729796754.000001C6D41B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bomgar-scc-x64.pdb source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000000.1668567828.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000002.1737529920.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000000.1676950910.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000000.1690083390.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1716344083.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1722122428.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1736402844.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1751380023.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x64.pdb source: bomgar-scc.exe, 00000005.00000003.1718580439.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1727732689.000001C6D41B3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: spinner-x64.pdb source: spinner.exe, 00000003.00000000.1657067012.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp, spinner.exe, 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp, bomgar-scc.exe, 00000005.00000003.1720395370.000002107755E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1731176258.000001C6D41A9000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_00405646 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405646
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_0040601C FindFirstFileA,FindClose,0_2_0040601C
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_00402671 FindFirstFileA,0_2_00402671
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5C5C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,3_2_00007FF64B5C5C04
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\

Networking

Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Registry value created: NULL Service
Source: global traffic HTTP traffic detected: GET /?c=isilog_fr&v=22.2.3&a=x86_64&g=54.38.11.197&i=scc&O=337118209&o=10.0.19045&r=ed09842299ecfc168285eed9c75148f559a689b3&s=1219600&t=Windows%2010%20Pro%20%2822H2%29 HTTP/1.0 Host: license.bomgar.com
Source: global traffic HTTP traffic detected: GET /get_rdf?comp=sdcust&gskey=494b4ebfd2db029983e1517ec6f68ec0 HTTP/1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: bomgar.iws-saas.fr
00000005.00000003.1719845237.0000021075952000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722947530.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719554272.0000021075955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: bomgar-scc.exe, 00000008.00000003.1741478456.000002832E7E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1750125672.000002832EE75000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1749851003.000002832E752000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1749851003.000002832E7E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: bomgar-scc.exe, 00000008.00000002.1750189178.000002832F1C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.co
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720255024.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719845237.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719194367.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719452720.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719713089.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719292384.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722947530.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000003.1719554272.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720091732.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720395370.000002107755E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000000.1668567828.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000002.1737529920.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000000.1676950910.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000000.1690083390.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1716344083.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1722122428.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1736402844.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1751380023.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://launchwinapp.exemicrosoft-edge:about:blank
Source: bomgar-scc.exe, 00000006.00000002.1715720111.000001B4672B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000000.1647447081.0000000000409000.00000008.00000001.01000000.00000003.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000005.00000003.1719960535.000002107755C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000000.1647447081.0000000000409000.00000008.00000001.01000000.00000003.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000005.00000003.1719960535.000002107755C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: bomgar-scc.exe, 00000007.00000003.1735321282.000001C6D41A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.c
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720255024.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719845237.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719194367.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719452720.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719713089.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719292384.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722947530.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000003.1719554272.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720091732.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720395370.000002107755E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678268247.000001FB9FFA2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678905058.000001FB9FFA2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720255024.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719845237.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719452720.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719713089.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719292384.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000003.1722947530.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719554272.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720091732.0000021075955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720255024.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719845237.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719452720.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719713089.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719292384.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722947530.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719554272.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720091732.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000003.1720395370.000002107755E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722787895.0000021077731000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719669097.000002107755C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720255024.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719292384.0000021075952000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719845237.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718725442.0000021075952000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720255024.0000021075952000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719452720.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719713089.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719292384.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000003.1719845237.0000021075952000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722947530.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719554272.0000021075955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719194367.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722787895.0000021077731000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719669097.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720137323.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722865175.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719360295.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722994147.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719960535.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000002.1736771555.00000210758C5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719051182.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718339682.0000021077731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net02
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719194367.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722787895.0000021077731000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719669097.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720137323.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722865175.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719360295.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722994147.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000002.1736951261.0000021077558000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719960535.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1736771555.00000210758C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000000.1668567828.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000002.1737529920.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000000.1676950910.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000000.1690083390.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1715449989.000001B465533000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000006.00000002.1716344083.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1715449989.000001B46555B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000000.1722122428.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1736402844.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1751380023.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://wpad/wpad.dat
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000000.1668567828.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000002.1737529920.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000000.1676950910.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000000.1690083390.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1716344083.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1722122428.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1736402844.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1751380023.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://wpad/wpad.datAttempting
Source: bomgar-scc.exe, 00000006.00000002.1715449989.000001B465533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dats2_32
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720255024.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719845237.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719194367.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719452720.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719713089.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719292384.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722947530.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000003.1719554272.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720091732.0000021075955000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720395370.000002107755E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719194367.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722787895.0000021077731000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719669097.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720137323.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722865175.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719360295.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722994147.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719960535.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000002.1736771555.00000210758C5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719051182.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718339682.0000021077731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.entrust.net/rpa03
Source: bomgar-scc.exe, 00000006.00000002.1715449989.000001B465533000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000006.00000002.1715449989.000001B46555B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bomgar.iws-saas.fr/
Source: bomgar-scc.exe, 00000006.00000002.1715449989.000001B46555B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bomgar.iws-saas.fr:443
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/0
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/3?
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/4?
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/C9
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/U
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/YD
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/b
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/s
Source: bomgar-scc.exe String found in binary or memory: https://www.beyondtrust.com/x
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, bomgar-scc.exe String found in binary or memory: https://www.entrust.net/rpa0
Source: unknown Network traffic detected: HTTP traffic on ports 49731-49734, 49741-49748, 49750-49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> ports 49731-49734, 49741-49748, 49750-49761
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_0040514B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_0040326C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_0040495C
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_0040635D
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5C1CB0
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5C1820
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5CB8F8
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5C98BC
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5C4940
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5C5C04
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamecp.dll\ vs bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal42.spyw.winEXE@18/107@2/2
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_0040441B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe File created: C:\Users\user\AppData\Local\007BCF33-BCC5-4ADF-8AF3-9068ED3C8E96.txt
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x6628c8bd_proxy-settings-cc.ini
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Mutant created: NULL
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x6628c8bd_settings-cc.ini
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7116:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsuD628.tmpb_settings.ini
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x6628c8bd_secure.ini
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Mutant created: \Sessions\1\BaseNamedObjects\BF13227E-B446-4E12-913E-7E5FBBEE54F6
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsuD628.tmpb_secure.ini
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Roaming_Mozilla_Firefox_profiles.ini
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsuD628.tmpb_proxy-settings-cc.ini
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x6628c8bd_settings.ini
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsuD628.tmpb_settings-cc.ini
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe File created: C:\Users\user\AppData\Local\Temp\nseD616.tmp
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe String found in binary or memory: "C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe File read: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
Source: unknown Process created: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\start.cmd" "
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe "C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe" --instance-id $SPIN_INSTANCE --icofile $SPIN_ICON
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Process created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe "C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer-pwd "C:\Users\user\Desktop"
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe -install2 C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\ C:\ProgramData\bomgar-scc-0x6628c8bd\ --installer-pwd C:\Users\user\Desktop
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -proxydetect
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -elevate silent
Source: unknown Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe "C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -service:run
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe "C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -drone
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Section loaded: gpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: version.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: wldp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: profapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: propsys.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: sspicli.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dbghelp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dbgcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: msasn1.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: gpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: version.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: wldp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: profapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: propsys.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: sspicli.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dbghelp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dbgcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: winhttp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dhcpcsvc6.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dhcpcsvc.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: wininet.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: iertutil.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: mswsock.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: winnsi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: msasn1.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: gpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: version.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: wldp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: profapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: propsys.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: sspicli.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dbghelp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: dbgcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: ntmarta.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: msasn1.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: gpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: version.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: wldp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: profapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: wtsapi32.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Section loaded: winsta.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: sspicli.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: dbghelp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: dbgcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: mswsock.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: dnsapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: iphlpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: fwpuclnt.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: rasadhlp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: userenv.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: msasn1.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: gpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: version.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: cryptsp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: rsaenh.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: cryptbase.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: windows.storage.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: wldp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: profapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: uxtheme.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: wtsapi32.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: winsta.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: sspicli.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: dbghelp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: dbgcore.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: mswsock.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: dnsapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: iphlpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: fwpuclnt.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: rasadhlp.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: msasn1.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: gpapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: wfapi.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: userenv.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: propsys.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: textinputframework.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: coreuicomponents.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: coremessaging.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: ntmarta.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: coremessaging.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: wintypes.dll
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeSection loaded: explorerframe.dll
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile written: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\settings-init.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeStatic PE information: certificate valid
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeStatic file information: File size 3803704 > 1048576
Source: Binary string: cp-x64.pdb source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: embedhook-x64.pdb source: bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1729657670.000001C6D41B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bomgar-scc-x64.pdbe source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000000.1668567828.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000002.1737529920.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000000.1676950910.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000000.1690083390.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1716344083.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1722122428.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1736402844.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1751380023.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x86.pdb source: bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1728543049.000001C6D41B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: embedhook-x86.pdb source: bomgar-scc.exe, 00000005.00000003.1719669097.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1729796754.000001C6D41B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bomgar-scc-x64.pdb source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000000.1668567828.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000002.1737529920.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000000.1676950910.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000000.1690083390.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000006.00000002.1716344083.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1722122428.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1736402844.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1751380023.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x64.pdb source: bomgar-scc.exe, 00000005.00000003.1718580439.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1727732689.000001C6D41B3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: spinner-x64.pdb source: spinner.exe, 00000003.00000000.1657067012.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp, spinner.exe, 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp, bomgar-scc.exe, 00000005.00000003.1720395370.000002107755E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1731176258.000001C6D41A9000.00000004.00000020.00020000.00000000.sdmp
Source: spinner.exe.0.drStatic PE information: section name: _RDATA
Source: spinner.exe0.0.drStatic PE information: section name: _RDATA
Source: embedhook-x64.exe.0.drStatic PE information: section name: _RDATA
Source: cbhook-x86.dll.0.drStatic PE information: section name: .didat
Source: cbhook-x64.dll.0.drStatic PE information: section name: .didat
Source: cbhook-x64.dll.0.drStatic PE information: section name: _RDATA
Source: bomgar-scc.exe.0.drStatic PE information: section name: .didat
Source: bomgar-scc.exe.0.drStatic PE information: section name: _RDATA
Source: cp.dll.0.drStatic PE information: section name: .bmgrcfg
Source: cp.dll.0.drStatic PE information: section name: _RDATA
Source: spinner.exe.4.drStatic PE information: section name: _RDATA
Source: bomgar-scc.exe.4.drStatic PE information: section name: .didat
Source: bomgar-scc.exe.4.drStatic PE information: section name: _RDATA
Source: cbhook-x64.dll.4.drStatic PE information: section name: .didat
Source: cbhook-x64.dll.4.drStatic PE information: section name: _RDATA
Source: cbhook-x86.dll.4.drStatic PE information: section name: .didat
Source: cp.dll.4.drStatic PE information: section name: .bmgrcfg
Source: cp.dll.4.drStatic PE information: section name: _RDATA
Source: embedhook-x64.exe.4.drStatic PE information: section name: _RDATA

Persistence and Installation Behavior

Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x86.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x64.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\sas.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\cp.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\remove.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\remove.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\sas.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x86.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\spinner.exeJump to dropped file
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x86.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x64.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x64.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\spinner.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x86.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cp.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeFile created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeFile deleted: c:\users\user\desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeJump to behavior
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeDropped PE file which has not been started: C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x64.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x86.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\sas.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeDropped PE file which has not been started: C:\ProgramData\bomgar-scc-0x6628c8bd\cp.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeDropped PE file which has not been started: C:\ProgramData\bomgar-scc-0x6628c8bd\remove.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\remove.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeDropped PE file which has not been started: C:\ProgramData\bomgar-scc-0x6628c8bd\sas.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x86.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeDropped PE file which has not been started: C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x86.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeDropped PE file which has not been started: C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x64.dllJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exeDropped PE file which has not been started: C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x86.exeJump to dropped file
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cp.dllJump to dropped file
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe TID: 7104Thread sleep time: -360000s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeCode function: 0_2_00405646 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405646
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeCode function: 0_2_0040601C FindFirstFileA,FindClose,0_2_0040601C
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeCode function: 3_2_00007FF64B5C5C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,3_2_00007FF64B5C5C04
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeThread delayed: delay time: 60000
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
Source: bomgar-scc.exe, 00000004.00000003.1678154782.000001FB9FF69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllccf&P
Source: bomgar-scc.exe, 00000008.00000003.1733434931.000002832E78A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: VMwareVMware
Source: bomgar-scc.exe, 00000005.00000003.1678607075.0000021075918000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Prod_VMware_
Source: bomgar-scc.exe, 00000007.00000003.1735188305.000001C6D24E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c8bd\settings-cc.ini&Prod_VMware_
Source: bomgar-scc.exe, 00000008.00000000.1732639461.00007FF64F1D1000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: WFGetActiveProtocolwfapi.dllSOFTWARE\Teradici\PCoIPTeraHostPathSYSTEM\CurrentControlSet\Control\Terminal Server\GlassSessionIdVMwareVMwareMicrosoft HvXenVMMXenVMMOpenProcessToken %d
Source: bomgar-scc.exe, 00000006.00000002.1715449989.000001B4654B8000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000003.1735188305.000001C6D24D9000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1749851003.000002832E752000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: bomgar-scc.exe, 00000005.00000002.1736816123.00000210758DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\\
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeAPI call chain: ExitProcess graph end nodegraph_0-3375
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeAPI call chain: ExitProcess graph end nodegraph_3-4233
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeCode function: 3_2_00007FF64B5C5694 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF64B5C5694
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeCode function: 3_2_00007FF64B5C83C0 GetProcessHeap,3_2_00007FF64B5C83C0
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeCode function: 3_2_00007FF64B5C5694 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF64B5C5694
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeCode function: 3_2_00007FF64B5C22D4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF64B5C22D4
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeCode function: 3_2_00007FF64B5C29D8 SetUnhandledExceptionFilter,3_2_00007FF64B5C29D8
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exeCode function: 3_2_00007FF64B5C27F4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF64B5C27F4
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\start.cmd" "Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe "C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe" --instance-id $SPIN_INSTANCE --icofile $SPIN_ICON Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe -install2 C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\ C:\ProgramData\bomgar-scc-0x6628c8bd\ --installer-pwd C:\Users\user\Desktop
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -proxydetect
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -elevate silent
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe "C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -drone
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Process created: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe "c:\users\user\appdata\local\temp\nsud628.tmpb\bomgar-scc.exe" "c:\users\user\desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "c:\users\user\desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer-pwd "c:\users\user\desktop"
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Process created: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe c:\programdata\bomgar-scc-0x6628c8bd\bomgar-scc.exe c:\users\user\desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe -install2 c:\users\user\desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe c:\users\user\appdata\local\temp\nsud628.tmpb\ c:\programdata\bomgar-scc-0x6628c8bd\ --installer-pwd c:\users\user\desktop
Source: bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1680821627.00007FF7193E1000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: shell32.dllShell_TrayWndwbP
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5CB740 cpuid 3_2_00007FF64B5CB740
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe Code function: 3_2_00007FF64B5C26A8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,3_2_00007FF64B5C26A8
Source: C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe Code function: 0_2_0040326C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040326C
Source: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Command and Scripting Interpreter | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Virtualization/Sandbox Evasion | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Install Root Certificate | LSA Secrets | 11 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 4 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 16 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Behavior graph not reproduced. Behavior Graph ID: 1430904; Sample: bomgar-scc-w0eec30gdg6gx6wy...; Startdate: 24/04/2024; Architecture: WINDOWS; Score: 42]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe | 0% | Virustotal | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x64.dll | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x86.dll | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\cp.dll | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x64.exe | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x86.exe | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\remove.exe | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\sas.dll | 0% | Virustotal | |
| C:\ProgramData\bomgar-scc-0x6628c8bd\spinner.exe | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmp\System.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmp\System.dll | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x64.dll | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x86.dll | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cp.dll | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x64.exe | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x86.exe | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\remove.exe | 0% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\sas.dll | 0% | Virustotal | |

No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| license.bt3ng.com | 0% | Virustotal | |
| bomgar.iws-saas.fr | 0% | Virustotal | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://ocsp.entrust.net03 | 0% | URL Reputation | safe |
| http://ocsp.entrust.net02 | 0% | URL Reputation | safe |
| http://microsoft.co | 0% | Avira URL Cloud | safe |
| http://wpad/wpad.dats2_32 | 0% | Avira URL Cloud | safe |
| https://bomgar.iws-saas.fr:443 | 0% | Avira URL Cloud | safe |
| http://ocsp.digicert.c | 0% | Avira URL Cloud | safe |
| http://crl4.digicert.co | 0% | Avira URL Cloud | safe |
| http://crl4.digicert.co | 0% | Virustotal | |
| https://bomgar.iws-saas.fr:443 | 0% | Virustotal | |
| https://bomgar.iws-saas.fr/ | 0% | Avira URL Cloud | safe |
| http://launchwinapp.exemicrosoft-edge:about:blank | 0% | Avira URL Cloud | safe |
| http://wpad/wpad.dat | 0% | Avira URL Cloud | safe |
| http://wpad/wpad.datAttempting | 0% | Avira URL Cloud | safe |
| http://microsoft.co | 1% | Virustotal | |
| https://bomgar.iws-saas.fr/ | 0% | Virustotal | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| license.bt3ng.com | 3.233.108.128 | true | false | | unknown |
| bomgar.iws-saas.fr | 54.38.11.197 | true | false | | unknown |
| license.bomgar.com | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://license.bomgar.com/?c=isilog_fr&v=22.2.3&a=x86_64&g=54.38.11.197&i=scc&O=337118209&o=10.0.19045&r=ed09842299ecfc168285eed9c75148f559a689b3&s=1219600&t=Windows%2010%20Pro%20%2822H2%29 | false | | high |
00000005.00000003.1719960535.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1736771555.00000210758C5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719051182.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718339682.0000021077731000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      https://www.entrust.net/rpa0bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1686155375.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1678097687.000001FB9FFC2000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1678832022.000001FB9FED5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1679131119.000001FB9FFC6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1678046451.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1670811829.000001FBA1CE1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718864273.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718466378.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719194367.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719422144.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1718894735.0000021075953000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719918308.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719713089.0000021075953000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719990200.0000021075953000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722787895.0000021077731000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719669097.000002107755C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 
00000005.00000003.1719452720.0000021075953000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1720137323.0000021077556000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1722865175.0000021075951000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1719360295.0000021077556000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
3.233.108.128 | license.bt3ng.com | United States | 14618 | AMAZON-AESUS | false
54.38.11.197 | bomgar.iws-saas.fr | France | 16276 | OVHFR | false
                                        Joe Sandbox version:40.0.0 Tourmaline
                                        Analysis ID:1430904
                                        Start date and time:2024-04-24 10:53:30 +02:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 10m 4s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:14
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                        Detection:MAL
                                        Classification:mal42.spyw.winEXE@18/107@2/2
                                        EGA Information:
                                        • Successful, ratio: 25%
                                        HCA Information:Failed
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Execution Graph export aborted for target bomgar-scc.exe, PID 2716 because there are no executed function
                                        • Execution Graph export aborted for target bomgar-scc.exe, PID 4428 because there are no executed function
                                        • Execution Graph export aborted for target bomgar-scc.exe, PID 6352 because there are no executed function
                                        • Execution Graph export aborted for target bomgar-scc.exe, PID 7064 because there are no executed function
                                        • Execution Graph export aborted for target bomgar-scc.exe, PID 7112 because there are no executed function
                                        • Execution Graph export aborted for target bomgar-scc.exe, PID 736 because there are no executed function
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadFile calls found.
                                        • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
10:54:19 | API Interceptor | 1x Sleep call for process: spinner.exe modified
10:54:28 | API Interceptor | 6x Sleep call for process: bomgar-scc.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3.233.108.128 | bomgar-scc-w0dyc30d58iygx5gezd865178iehgi8wii7f7w5c40jc90.exe | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
license.bt3ng.com | bomgar-scc-w0dyc30d58iygx5gezd865178iehgi8wii7f7w5c40jc90.exe | malicious | Unknown | 3.233.108.128
                                          No context
                                          No context
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25
                                          Entropy (8bit):3.3426831892554927
                                          Encrypted:false
                                          SSDEEP:3:HIVDXYHr4v:HIZIH0v
                                          MD5:63E8819444B404995663B56A82092C11
                                          SHA1:34AD197827749E5CA94A56459B6C037A0645A0AC
                                          SHA-256:1C80BD5520D944C4EF4C586D4ED729BAE4187E2269BB5C7C0B32C025C331A8BF
                                          SHA-512:DA220F961E7C6A0BFAF7C73952721D0A1A5BED175FE1DC16FE78F1CCE93E4084C3A04FCC266D786CB1DF8073A4C5A178EAE26B88490FA51E1238F6C1FBB448B0
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview:[bomgar]..bomgar=bomgar..
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1595
                                          Entropy (8bit):7.728745253719493
                                          Encrypted:false
                                          SSDEEP:48:Jv6dMLxyY1KSzsljDDmHnewf2sRsp/wZEzw:QUxyY1KPZXlwu0
                                          MD5:AF304F631DB622566484B5970C1E7C2A
                                          SHA1:5F145DED43A168ACDDD4A18EDEBEBD221C0140A1
                                          SHA-256:A886FB6DE57D4F915E75B37E75220D7941C5FA8CFD04635B3E807DF8452FB62D
                                          SHA-512:BBF40E0D9601E6CCD9A654DFA0719614970721B82D6BEA82D256E607DE221FBDF1BB09B27B82E2A69A141D2C6D4B1FA93D8B70F9FE358EFD7E8B759D73BA0708
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1203
                                          Entropy (8bit):7.738993625119788
                                          Encrypted:false
                                          SSDEEP:24:NUmT1WtYyXiHLMCGIpKJ81YYQ2umQk6OnWkuJV9NlS2oR:WA7ycgCLKJYAQoJV9vSz
                                          MD5:CD021CCBE9692C635BEC0CCA1A8726D7
                                          SHA1:D99C0FA7B0F1213B287304E5DFE92CDD35598E78
                                          SHA-256:4E6D31C815B0D1A80E6E76D597FA260EE4E697F74861C968BA788F3766569991
                                          SHA-512:EC8A90300EC7744CDB37D68B31805F9EA76FAC729F09779B297E6E1E09F24A72B7A7CC0F64D2A358004AD51E5910CB5777A83BB3F16E8FF7764675D7D75400CB
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1112
                                          Entropy (8bit):7.598783751352799
                                          Encrypted:false
                                          SSDEEP:24:S3y/EUN5w8n8cCLsk+g5L2XDV6xVsZexHU4mKDQuDO9s3UCUb:CpUN5iONXDExVsuHU41HOxC2
                                          MD5:E709BBD6FCE9B60807F6AA8167C49EA8
                                          SHA1:98B37B33A250C224F40827677B058F5A0137D32A
                                          SHA-256:7ED8DEEC8AFF2221463176C59C67AA141B5EB9BF3F0BA0798422C88B443EA3B8
                                          SHA-512:4993BB522FAEF3D2CDF48A353124BFFD76086CE81A774E7A31ADC701CC6C1503FC096BF08E8BB9925A36CEFF2D88CCF58CFC0A1A479299B7D8EF64877D09985E
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1144
                                          Entropy (8bit):7.698352941734368
                                          Encrypted:false
                                          SSDEEP:24:S3S4MI2YS2JK6ZyS5cNPXrV+qY06mUFSDtXtyh8kp:CjhtUK2PZ98FSBQp
                                          MD5:9ADE5ACEA3E363FA75ABF118C3BC4706
                                          SHA1:8AD90F2F55ADF178054E2EF6CD47D234BDFBD8A2
                                          SHA-256:35CE1A89D974EDE39FD54BE898E0F5A91E1EA038C521115E06A590933F763D4B
                                          SHA-512:74DCF48E55235E78EBDBAB02F90E8C7EE1AFC88A3EADCC138139E413D087A3036EBCA3C2924E864F87DA1D0596320FAEDB52A897F3F7BA78F01B52A5B9B069BC
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):970
                                          Entropy (8bit):7.585174137113413
                                          Encrypted:false
                                          SSDEEP:24:S3j6jgUBmMRZWKzISSP4pAlIy1EH9avEIzb2c:Cwgcmgbz8llI1avEIWc
                                          MD5:4263D844C484B0FE56B1F36AAE7B5A51
                                          SHA1:A37EECE9C00A33240F7F2B27A88EA0C6A430B925
                                          SHA-256:6407A4AE08A11CC7925EDCD26EA01BFCBF551607F72D481C34838C2EEB277046
                                          SHA-512:8458E288C18C5840C7383F72A68B714896CC50733E18A099A1553152754B3D3A914DDFD8F1A9EF60BFCCBE76DFDE64BB44C737AA78E8CAC37793CC0C9C01B6D3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):969
                                          Entropy (8bit):7.606184373841091
                                          Encrypted:false
                                          SSDEEP:24:ApVJT5PPm0HoH3bc1vLdhc+Y4D2V6yk/BG9Mz:KfPm0HsohPA4qL9Mz
                                          MD5:81CACD52DF7B613A6BDAADB532905ABA
                                          SHA1:9F08A158A84B8D80562DD0611CB87045AE6D6E23
                                          SHA-256:BD71FEB5B38FF11CAF72A0FA3887E318F670CB5D45321A65B2D83CBF38EB9D23
                                          SHA-512:A14E3056AA3C37E3CED45F1BEAE0DA7A4DB24A3DCE93B63A31345715EAAFA8215C9E6D3B00D8E09CA07AFC5DF2E4BD7F8548CD4ADB20A9AAE32AE2DDA64EE52F
                                          Malicious:false
                                          Process:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Category:dropped
                                          Size (bytes):3803704
                                          Entropy (8bit):7.997343927217264
                                          Encrypted:true
                                          SSDEEP:98304:kx8gvYDz5S+7E4jIH+KIwJqW5ksKXH/rT7mKbzPtMGDHsKY6FZM9p:kx8ggD9SojM343fXfa4tLIKjS
                                          MD5:E6C05234F5EAD39C58592299DF449249
                                          SHA1:CCC93386E293EB1AB7D7D274686B6E480BF833AE
                                          SHA-256:FB522C0F319128643C4393CE688AB4F2AD0CDA0145CC405F8D631D1B36FB9782
                                          SHA-512:5F70D7ED1DC32837D4151CB7B822D0BE8CCAC27D165BF708963209B1D659529D2CA8DBBC90B66493CD0D112F60FBB191A2D9FF0746882B0EBC4062BE39791D5F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):10737720
                                          Entropy (8bit):6.403400194435886
                                          Encrypted:false
                                          SSDEEP:98304:h3K+0pSFBnLD+kyvOhgNQqz2BDActB/sQN6soe4vHuY:ApSFBnLD+BOhs4DBtiQsve4X
                                          MD5:B248920D9FCF8A0CFE21004D62645F65
                                          SHA1:F9D575237A86BE5CC7AC457AFB0840E4A4BBC75A
                                          SHA-256:EE030165EB9FDBCBA509CD247DD9285777311390C5E20A65D048D41EDF7F0558
                                          SHA-512:E3F28A26237E13361A4E18808DB1697F6B6743261614FFCA6FF848514379834B8E745F5C0FBDCE8D67D4B2996140B69E1F2A84DA29FEB7AF0F01836CF75855C9
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):2599
                                          Entropy (8bit):7.8851491293625875
                                          Encrypted:false
                                          SSDEEP:48:9VaRpbiNJEYkGMF0RRnvzyYdHkkyk2a5NbDG1f3L7GLUrgU3vu9BnduDFU1:OR1DGMF07yakLMbD+fb7wUr1f+nwD0
                                          MD5:4C610F2C454EC9E9FF63D34D5676FBB5
                                          SHA1:0D9D980624AFD8948B44BF524CD441F111EC0637
                                          SHA-256:A751FDD03854A217B14136D9B9AECB9444B62FA0EF71A008DB66703A8CB26FDC
                                          SHA-512:B7A6EAAA937C25FAB2469B56EB8DC92250B7AB3FE2EC133F40E902327C671AA978FCF23E7BA8DFA90762ADE6A819DDCD8DDBA239724273AC7A0B06C615FB6645
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):3263
                                          Entropy (8bit):7.706962757375828
                                          Encrypted:false
                                          SSDEEP:48:S/6JSfUVceCmDrC7XVMszrKznG6baPZKXOORQfAWO1CM8pmBHJ9KbxLwuNbOBjPc:SSJWUxC2+LH6bA2Rg/QCBmjAbxLtNqBi
                                          MD5:41529DE2E2AB466FCDF7C88809EF708E
                                          SHA1:3834A44751FDD268780EF101B96B678873EF8493
                                          SHA-256:9C953F11AD2EE7E7495E71747EBA1BB85002FCC13E0DD91123D24019CF5E367C
                                          SHA-512:56AEA014D3D68E184E1755ECD70590E270FCBF3BBD460565959CC69718025667FF033B794F42B6C30982917935B6AB1A5D4D2472F41FEAC3099A8F88AEFC6B8F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1133
                                          Entropy (8bit):7.754045849146013
                                          Encrypted:false
                                          SSDEEP:24:av8klyUzGi0CF3foxlchpLz6YznEEcNa2:akkkUzfpNfwopySnE9Na2
                                          MD5:49FF076243C05AA6C44AE526925F966A
                                          SHA1:6BF0BA5C6AAF838E542494ABA72848E56DB4871D
                                          SHA-256:79E39B353C0A9424F74356B423DE9C7D4F5FC98DF8A70C40909C8E3BFAF6FBCC
                                          SHA-512:4134FCC1284088D699412B031EB251FBFB980E0E6C281FD9948B38F2CDC8EC6D66F327B3BF1F5EB68C87587540C2D5A60341CA9186F909E822502C8D3C9C8A04
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):3851
                                          Entropy (8bit):7.932174020309697
                                          Encrypted:false
                                          SSDEEP:96:59esNVCDaZ7u/847WmyHf7ahi2waztHHQG:jvjqhyHf7aY2XnQG
                                          MD5:C280D0EE8C186E77DD3EF60BFC66C57D
                                          SHA1:57A03C32D25DF8153C507ED427D12FC71C4A0AB6
                                          SHA-256:DFB4A7AB6125992A5E5B4DA32E96612F317B7B354486FB3E8DEF18536BF30074
                                          SHA-512:BC614A530781AAFF295EB99C9FA752A41D046DDF9434A6B088219155A9CF9F193CF39797DE4852E08AC0BB49014AA4A86DD3D27EB82C2D9699567734EE0640E2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):140368
                                          Entropy (8bit):6.261866966050347
                                          Encrypted:false
                                          SSDEEP:3072:df0uqjrc1lIBbnuSc3J5wo1J/M6Eq5J9MyljxAexV:d/qj7BbnuSIJ5zJA2J9H
                                          MD5:2A5FE7CF943E363DC5F941785B9174BA
                                          SHA1:265AAEEA7DA1FB20242F93B28204F006ADBA3F68
                                          SHA-256:BCBAE69A672226CC42E39AA0E95B8341A4620779CB78013FE00C10C17EC9A86F
                                          SHA-512:133DA5A8723A9A7EEC9B140697DB1B838C3475F5AD82C6658143EF2FAA244BF9810704AD392B1408727AEB42AB5686456E05FC6F602749EF6CF9301CD89B4936
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):120888
                                          Entropy (8bit):6.602078409312557
                                          Encrypted:false
                                          SSDEEP:3072:9fCkT1flCi+mRiyun1pufdUFwFEjxDQXEO:lRp6mRzun1p4g+EO
                                          MD5:56AD2BBCD017461E5E568B9935CD33CC
                                          SHA1:D02D0F43E3296D362E14ED984AA3615AAF9FFA56
                                          SHA-256:0F324237C6B48DD08DE812BE6A3BF27E6F792BF1EB653087ED2D97AC816A8AC3
                                          SHA-512:73C42A2078A3D8881F7C40E43BF8BE7942C24BE2E61029CEE6D74B5DAB54569D1F2AEAA8B30D7D3D3E36724884BF88EE2727095087056D3F6812FA59934CD521
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
                                          Category:dropped
                                          Size (bytes):19856
                                          Entropy (8bit):7.234889712783669
                                          Encrypted:false
                                          SSDEEP:384:gj1zxomdMuL4O0jwDKoNZLCctbCdwrRfaKdSTyyBdu1cD:6nX4TwGoNJCctAwrdajTyIJ
                                          MD5:08071F39F4EB5F201776D297F16DD75D
                                          SHA1:3682E976A137EBC52D2998404003B908EA7772C6
                                          SHA-256:9D11DC231676F783BE1C370178CA63FDC3AAD5536B1791457AA2EEDF08553E34
                                          SHA-512:E19CF7C8C51413EBBBB31C8E8B53E41789E55877034E91EB4EA1477CF899AB7943B1F1E9D4E410276F7F0A603E232E6F80CCF9F804E90B01194C4B0E49F42713
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):1262136
                                          Entropy (8bit):6.408879577930645
                                          Encrypted:false
                                          SSDEEP:24576:fBx5cCsXt2c4uQ/xEbX/GQFoycZvMksJD9+AiTMm:f474ujz/GQFzgvMB9+Tb
                                          MD5:C77E5EDDE813462A7459250292420BEA
                                          SHA1:88B73ED10761E93BC05BA1E361C89570D0E5E642
                                          SHA-256:B9BB65F8E1E27976EA1CB01AE137F4664309E222C229481DEA8CB181FE0D676E
                                          SHA-512:C8222F0935049F509F34B2593D6E66B6C493DEB0F0BD36DE66CB2D6B33B36CC48F76694F7D57D8760B0FBD60C5AA0581A57EC7E087268A774EEDAA0DB6056493
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):115256
                                          Entropy (8bit):6.197414408992922
                                          Encrypted:false
                                          SSDEEP:3072:ttf1W205Vw0nV/09+C5JoTqIMMFUFXeqjx4aEG:Y2ofV/tCiQEG
                                          MD5:3E6E01471AE13FB8328C441FF74B7288
                                          SHA1:02329A1030365262737D002DE951E1B634B7E9C9
                                          SHA-256:C6C016888759BDB58474CAE38C9A71F32C59093AF909F50D397E9DE736A569C5
                                          SHA-512:A534D6A0634993CC80274ADD778656D74FC737C7609AC65AE24BB1FC5A5ACD51125CCC52786E34F3F5993FBFB3FEAC6AC2086319828021F80A7E0180379CBC84
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):102968
                                          Entropy (8bit):6.594961793087062
                                          Encrypted:false
                                          SSDEEP:3072:f0RwR1rfGM0+n+qnzVvttyrh8u2EDGeBFrGDl9H2jxM7EO:f0RwfxtzVDmau2EKfH1EO
                                          MD5:084EF2918B7C5BE348815088CD74FFF0
                                          SHA1:ED53A78D095C9A14967D4D2D171126150CD92932
                                          SHA-256:8F06B9F5F97A080E3AE4C4E536C8C57D59C8C96C45E1DFCFD0F4108E7DA0954B
                                          SHA-512:33D8313584A68E8D56AC2C129EAD8E1BA44CFDEA052643E085B807749D8B83034B8D08B848593FDFB24EE72EAA2F11B8A4CBE85078BDF787907093D95CA1D7B6
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1507
                                          Entropy (8bit):7.071641489765068
                                          Encrypted:false
                                          SSDEEP:24:Gy1hpunQWwjx82lY2T3gV82xyJ3VBYr5EGrd66v51xTa0ZSyzVdDFfPPjdU7:GwitNn2cbQJ3n5odnnxvVLfjY
                                          MD5:0E2703DC00F5FF823D620EA8FE1CAD23
                                          SHA1:AF5E7B48B02CD0E2BF82EA9668F9F0CF2E2BC27C
                                          SHA-256:36B4FFCC8D0B3271D1764D76C752BEACC15B7F1715BF569F065269E2FF0B61D7
                                          SHA-512:817916F44FB3DEBB06F0829ADB2C275930C9948729C49FDCA678DBD069B0469C8AD8322FD2AEF585B7C7416D824DECB6E43FB1DCD065F0C71BB31E3DCFCB995B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):963
                                          Entropy (8bit):7.563029008936511
                                          Encrypted:false
                                          SSDEEP:24:n/57iz8+fdXEQ57P3dtLuT5XI1mPnHoa2lFRYGQv/Z2zMZEMsjU:J2l0Q5bttLuVXUGINRY52wZEzw
                                          MD5:AD5151C4B945CE6FD19812980EAFCB9B
                                          SHA1:4761B975A69B8F019356F7DE965301673C35CBAA
                                          SHA-256:153C8DA23E2D15C8CEF64284FEB955AE46DE9D6547243F6474A5113695A84595
                                          SHA-512:4BA90963B9C7613374D9C56E30FDF1FEB2F9798C7CF8A891FD06FB5FF6EF80F9E7DD0283F7C3EAD15F365CC3F5979F375FD30EB0B95C07FCD4887ED7F2454F50
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1266
                                          Entropy (8bit):7.576476008724102
                                          Encrypted:false
                                          SSDEEP:24:n/LpTDcGCXT8As4juEgiJWwl8eLs0n/hCy/gax9cDHMzMjjIvEMsjV:BDFCgDzEFJr2KsA/oax9kHMwPIvEzZ
                                          MD5:D3F22CF408EDBAEC2F731C6941632C1A
                                          SHA1:1E8D6229FF6663404416AAA71E2980CCADA6F1D8
                                          SHA-256:09C71353207ED86E5277F385D255C83E880E2C508E1D4AD98797D25E4F76F349
                                          SHA-512:662FB841C1FCC4C8C87ACEB75E1213606219B95E7374143EC51E58F92EC9518A838B76CB2620ADA30047EA9B9F401845F8959C5502654D99E1643AD054071E03
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                          Category:dropped
                                          Size (bytes):58224
                                          Entropy (8bit):7.610540877002438
                                          Encrypted:false
                                          SSDEEP:1536:QzHJNlD/8LkEsd2/AgnzZIzkOpSUBitMolg:ENh8LkEsk4gnzZIAiSMoi
                                          MD5:3DB154797700E68E9E8E9BED55A7F2AE
                                          SHA1:8C3464BC95A3C1AC2A880E3D25763FCE595544F4
                                          SHA-256:CB2F2418945ABF8169C15164274B30E957B0F302F6B732E03FC624E5542408BC
                                          SHA-512:D012EA10ACA0B047473C7E72B828876BBDDFBD02206A48198F11A95E28CBEB315F0F5270AB6B7B43728B0B2CE5F609A58CA16D20DADB6512428855DD5695358C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):65
                                          Entropy (8bit):4.587226082026236
                                          Encrypted:false
                                          SSDEEP:3:D/GjIWtAdASmL4MMv:L/d/1vv
                                          MD5:71D2AAFF7A2DB28EC9C4C69FB932449B
                                          SHA1:998F78994B4DA4E8B49E6E0CF0EC63A40C96A73C
                                          SHA-256:6213F323269B7DB7BE0857F983C394D69C8EA2F6981014C54E36F7A7AB9C19E5
                                          SHA-512:1D5FEF1EF55E48EB507DF0382E0D3554098E2A05E5FA90557C2BE243B5D186FE1EDDA9F3354067828AD5AD35B399EC1713A36AF011CB97EC18D5595ABF912B0D
                                          Malicious:false
                                          Preview:cd "%~dp0.."."%~dp0bomgar-scc.exe" -pinned win32uninstall silent.
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5182
                                          Entropy (8bit):5.727900250139019
                                          Encrypted:false
                                          SSDEEP:96:rTp8xzWk7V7r50q/ToDCjqviFWDzrPI1Rk5DPkD4PuPWP2uyfRLIh8RSCPZ:rdOWkc9DCjqvJPrw1RkVqehix
                                          MD5:C4986AD5F37B553F0EDE22837149CD6F
                                          SHA1:C7AE33E53C75A800B2C8FAF43EF2859632E11E49
                                          SHA-256:A6B5353F549693F4DA3FB23B90E2DA1C4785F20459ED21C3356EE93D16580A87
                                          SHA-512:E73CEB3272763D4CC471E0EEAC5CD790C20C494BB30E28990CDD7AA314ED6675CEFC783963963FD51F649AE6395759D73C438559400378C9BA751DB0D700AA41
                                          Malicious:false
                                          Preview:BRDF......22.2.3......c[....en-us....................j.... ....ABR_REP_COMP....#ABR_PRODUCT...../....APPLIANCE....Secure Remote Access Appliance.....%....CALLBACK_BUTTON....Support Button.....'....CALLBACK_BUTTONS....Support Buttons..........COMPANY....BeyondTrust.....z....COPYRIGHT_NOTICE..c.Copyright . 2002-#COPYRIGHT_YEAR #FORMAL_COMPANY. Redistribution Prohibited. All Rights Reserved...........COPYRIGHT_YEAR....2022.....-....FORMAL_COMPANY....BeyondTrust Corporation.....!....JUMP_GROUP_FULL....Jump Group..........JUMP_GROUP....Group.....#....JUMP_GROUPS_FULL....Jump Groups..........JUMP_GROUPS....Groups..........JUMP_ITEM....Jump Item..........JUMP_ITEMS....Jump Items....."....JUMP_SHORTCUT....Jump Shortcut.....$....JUMP_SHORTCUTS....Jump Shortcuts...../....LOCAL_PUSH_JUMP_ITEM....Local Jump Shortcut.....1....LOCAL_PUSH_JUMP_ITEMS....Local Jump Shortcuts.....(....LOCAL_PUSH_JUMP_METHOD....Local Jump..... ....PINNED_CLIENT....Jump Client.....,....PINNED_CLIENT_JUMP_METHOD....Jump
                                          Process:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4159
                                          Entropy (8bit):0.8579314617297715
                                          Encrypted:false
                                          SSDEEP:6:pYMy+Idh/YPPtY6Idh/YPPpY6IdEQjPP0TtGhfS8g7Essssssssssssssssssssy:G/A3q5/A325qQj30TtGh3gP
                                          MD5:0AF12E7932F25CAE94FFC2DCFDFA1EBA
                                          SHA1:FB164A3FE1BA3F37EA1C9CE661CE2FC9C2099557
                                          SHA-256:4DD21B568F8F5C91A29500FD75AA591591B48DDD04666F7B33A6214CC61E6CE4
                                          SHA-512:00575778D6286A0C55B1C69D11A5609B4404A6F741D2A77E2E8ECD93577F82E8E73A9F3815F8858D46129EC86CCB6F17F86F55B6A79FCB2A1F466019EFB30F19
                                          Malicious:false
                                          Preview:[Proxy]..version=2..[Proxy\bomgar.iws-saas.fr:443\Detected\1]..Proxy=DIRECT..[Proxy\bomgar.iws-saas.fr:443\LastGood]..Proxy=DIRECT..[Proxy\ConnectionEvents\bomgar.iws-saas.fr:443]..connectFailure=1713948872..connectSuccess=1713948869..proxyDetect=1713948863.. .. .. .. .. .. .. .. .. .. .. ..
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Category:dropped
                                          Size (bytes):73696
                                          Entropy (8bit):7.264659030360537
                                          Encrypted:false
                                          SSDEEP:1536:HRPYqa5pic6jXFdL2KiMcMmMLzKQH0A057PPxr7JEHUZ:xPA6jXFN2MclMLzKQH05jxr9E0Z
                                          MD5:DEF72A90AB3F462C53EA19B534E705F7
                                          SHA1:5807D96C3F300321C53B31F1801FA984F874157D
                                          SHA-256:48F4C6623AAE345014021EC41BE843F04B7854D6658D62B9A3C3A5B0D2345D01
                                          SHA-512:C3F6D63113E4628C18E696FE99D9D11D131AF74194EA02F47546B63A1EF8183031E6CDD702502D554FCB7F3E71CFEB847D2A04B1D7925A5B1D6F1C746CC73B0F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):33360
                                          Entropy (8bit):6.916869367056256
                                          Encrypted:false
                                          SSDEEP:384:QhcvUaRk5QzPbW/9wWo2IYiZKjNyb8E9VFDPxSJvIYiZKyT5Pxh8E9VF0NySR:ECi9iYiCEJPxSKYinPxWEs
                                          MD5:DD5B8D870BBF54305E4E33B77BE453CC
                                          SHA1:3C2D9B77831E156E485541DBE62520E8C9075673
                                          SHA-256:8A302FD6DD7623513754189E935A846EB0ED2650D04DA569AA8CF21EC89C2C6C
                                          SHA-512:7E5D97956AA8502F4EEBE0F8ACA44BACE96E3708AF4CAB4CCE0558070CCEFCF348CFF8EA4F6D6F62845E657E8D83F38C6ACDD19027D521CE9C39A2BA4F69542F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):2137
                                          Entropy (8bit):7.8159577929553326
                                          Encrypted:false
                                          SSDEEP:48:C4f69t9Q2Hn7lP2b19DT0mRUTyN39yRt2/:C4i9t9VH7lPQR/iTy/yz2/
                                          MD5:BC5A365CE42DD94114762E65738A6FA7
                                          SHA1:6B67704171A112E6377913726B402E2655D4D5A4
                                          SHA-256:3B464E84EC9BB94DC5159D3FB865E887507D622E2B97C6A42187780C41E898B9
                                          SHA-512:AD1DED7236A989C9033F6D888E2F619649031ADC10775E57F3247E4565BBF95CD04A7A9E92436C806589447F436F9D306FF7A14B20A1294E502D07F6431256AF
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1165
                                          Entropy (8bit):7.60995073664814
                                          Encrypted:false
                                          SSDEEP:24:NV4hZPHUnaspPBQeZEWowdYuYuYsFT/qyvEJggj7vqgqXgQCu7ky:jbnasNB5ScdLLPTiyvGD7ygqXVtr
                                          MD5:5035F9D46B6FAD0AC28377AAD527D9D8
                                          SHA1:F2B0A2F3D343499F96082F693105184AECF25D5B
                                          SHA-256:6081301FE9E631E8E64E11DF3C004F17F3517A3B50FD2BD61C678D46EC13E91E
                                          SHA-512:49F247F3C3657957C5744530C7474C9689CEBB87F2E306D0B8E69F0B4045B9541C1703833CED457F579ABBB9B4C8B8AD00DE541F461D8AA1BB1FAF18C024F042
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):12131
                                          Entropy (8bit):7.763731347796219
                                          Encrypted:false
                                          SSDEEP:192:P8iMjGEJRe0knM0QB8V+qEtQzKSqLsNZFWPFZ28EfDMumCRuHt:+GEAn3Q+zEtQzgsNZFAfbE2E2t
                                          MD5:BB64E025269B39754DB687D6CCEE1011
                                          SHA1:EE19BAFAA0CD8AEBCC73AE7CCD6C6656F6E7311F
                                          SHA-256:567EA2248F55577ECE97CFEB36CFF649C777487BF785CF3A0D116468E8584803
                                          SHA-512:DA4FC769D672C64555AC726383E3FF22600F00150EE33E6F95F33247CA6693A1D4FDC2AA591181C774D4982EB4147F94F6067116537941ACA2C5F5B60ABF80AA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):11518
                                          Entropy (8bit):7.748157744603988
                                          Encrypted:false
                                          SSDEEP:192:rsfCYp9sF2lIrWTgolT1Ng9WGFkaeo7oyn/Wz8CufKUHFN5E1HGpUCQ6/Ab47qyE:pnblox1Ng9WGFkaeo7o7z8CcKuXzG6/E
                                          MD5:E7F345C660F7810A244B680DC837B7EA
                                          SHA1:0EA4245220209E00EDFF10C322EA92A5C5A00A67
                                          SHA-256:66024A8358B391178028019755AA7A38178AAC74324B45B28C7E706F80A69617
                                          SHA-512:D63D747F1F4CC3A0410889CFC87700910FCC98CAA3E28298B6CF37640272F01E71FBB2CA1D88560D5C3D8569461819AC89AB953BB78FEC5452B931ED5CBD7B6E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):13186
                                          Entropy (8bit):7.785415595528847
                                          Encrypted:false
                                          SSDEEP:384:ctuNslmClFUjiIjvXvCqTf3FOdgO+FP9wsK88i7TxN:ctu4lFUW8/CqLFmgZKsK2b
                                          MD5:8EAE4FC3A16A7EED2268E295A420A0BC
                                          SHA1:1170653FFB4E915B4FFD3A142B62A57C20E0FEAF
                                          SHA-256:7A90830D5EEDC789E89DED68482BDB5CB250FAAC2B6375009912815EAE3FFD1D
                                          SHA-512:6567D2BF4102D97ABAA33BD35EAB8929BB9F3804AA9928F75823F10BB5F80E868C82D7A634D3D8FD54A28E6E9FF98B3EA716F2AD9B876127352F631D0367CF45
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 1500 x 200, 8-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):2146
                                          Entropy (8bit):7.178988398026767
                                          Encrypted:false
                                          SSDEEP:48:cAhKPeoPLCWlriRSJ40W0wIFDh2Ua+pU8+S4NhF84PM:jAmoPxiR8PbwIFN2xb8m84PM
                                          MD5:42F5496EFF0F04BB66C9F70267555DA1
                                          SHA1:3C6CDFAE05900E643F1B3D2753ACA7FA0E372054
                                          SHA-256:60ACCAAB72E7064B7A4748BF4225FD66B1B89EF2AD588725D05E5B4D297AF5B3
                                          SHA-512:8BBB1BEE0B9C996EF3698FCA4A86682E9B91C74F6448E7E8CE0676906E225600AA09A49B3C83633E4FA4C230FD5D4D1E601F8B5C5247862F0796D7E7FCF97481
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):4179
                                          Entropy (8bit):7.942893504616903
                                          Encrypted:false
                                          SSDEEP:96:Dq5kjYyaAYVIxQkF1AiLZ1NexiPojp3WkJ+iBBBL:DMesVIxQkPzIig93Wq
                                          MD5:BA726D8E0200BE75DF19278705D16F6B
                                          SHA1:90290E095F5F795B5BE39F3423B2690866AAD5C0
                                          SHA-256:7B28F3F46E4886B47C65ED67B01CB5798D2F7DC4FF4DB7BD047E35E3472ABC0E
                                          SHA-512:92262CA896E3C1ED9240B236E3D65A02997A13D21164AA902DC2B01E464C196EA1337E4BEBE3CF5B10C30FB25C4E9E5BB00E223027219C6386E4383FEED328B5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):3202
                                          Entropy (8bit):7.89996341707749
                                          Encrypted:false
                                          SSDEEP:96:WCuJNAArrHAcjzEr4iQS0sWOtnyq7L4tW778:W1hrHHfER0CpR4t7
                                          MD5:7846E95EE2757C9421DBE5A4B57CD105
                                          SHA1:07C091FC1062DB5C15B8E6E24622047E24CA2C44
                                          SHA-256:46BA0C5A3C5230F17CE61A2F6A30B4B7E920EA69C1FEC03A298C369F5F271AC2
                                          SHA-512:C27604D081C9918D9E49663BB1217879D0F9D08E85E6990097C2AAE2E91AB25773FD44DA1C827B72A9CFC450ED6E8E687F095172509C4A546C13A2089B30839F
                                          Malicious:false
                                          Process:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4216
                                          Entropy (8bit):0.38338775094565064
                                          Encrypted:false
                                          SSDEEP:6:1YbRes6wSEsssssssssssssssssssssssssssssssssssssssssssssssssssssR:1Oeh3
                                          MD5:17CDC6E9653346237298C8AC829465D2
                                          SHA1:6432DDAC2AE3A9606A190E8A65468F7F5BCD6B60
                                          SHA-256:EC038CC7F825C167C26A38FAAAC171A796A22A05DB6E058FE445B8787C214544
                                          SHA-512:293F8ECF85FD45E45424989ECB6D5DC3ADD5B920FCC145843F46B4DA232E4CA44FABBA13FB64FC345CB3080C398F7ADCCC7929E47DC09A605039DDB22B74D278
                                          Malicious:false
                                          Preview:[General]..sessionKey=494b4ebfd2db029983e1517ec6f68ec0.. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10046
                                          Entropy (8bit):7.98083040753861
                                          Encrypted:false
                                          SSDEEP:192:rTNiy4dqF2CjxJkng5thWvDYMYEGvKSjCKqp:li7qF26u+4YHXGKqp
                                          MD5:F4F1B96913CCDDC1F38A0EA63B0A99EF
                                          SHA1:4BD289E4C539530B32D6F77E74E050B44AFE4DA8
                                          SHA-256:AC6A99CDAE077D757ED20B9D9AD404313F0DFD45EB7F2992285D84D6846E4C43
                                          SHA-512:D543FC196C8CF2D1057788EC6B915B660B267ECAE568D4DB8FB50EED707DD9607BFC80F1C3306093ED761C8DBCFB2A0BBBCC58B3F616363CE136EC9B1CD291CC
                                          Malicious:false
                                          Preview:Bomgar Software License v09.11 [binary data]
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4165
                                          Entropy (8bit):0.731817994996901
                                          Encrypted:false
                                          SSDEEP:6:19eZHQHRIAdGXAoSDafz9clovMXy27Hssssssssssssssssssssssssssssssssw:10ZwHRIAtjExVMi2jQ
                                          MD5:1141E549485F57A04E054F65444C159C
                                          SHA1:3F952867D11D7AC8D98244DF6A4E5B7C6272638B
                                          SHA-256:EEC81250BD37C6BA345ADA299275BE21CF25AA29424A8501A194E9A6282266E4
                                          SHA-512:965E48D3347C511F7153475FEFC4A4C0BA595B03F04CAD0304E30FA07D39BEBEBC8CC3C8A6130A25255DA38A1F4DFB6BB5FCF5433B9701777F52FEA683F90E66
                                          Malicious:false
                                          Preview:[General]..build_date=20221027175718..build_revision="3143-ed09842299ecfc168285eed9c75148f559a689b3"..build_version="22.2.3"..install_dir="C:\ProgramData\bomgar-scc-0x6628c8bd\"..instanceID=6628C8BD.. .. .. .. .. .. .. .. .. .. .. .. ..
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:Generic INItialization configuration [Reconnect]
                                          Category:dropped
                                          Size (bytes):288
                                          Entropy (8bit):5.1137351157022
                                          Encrypted:false
                                          SSDEEP:6:1IX3J+hIAdfeZKVTJ4DG7r6KSX0wJ8C+g5KMJPzy:1u+hIAEZKVTJ4avLmCUKMdzy
                                          MD5:4A85F7C0E61249120DDABADD92E180DE
                                          SHA1:18D33673A6C8AC2B0A4D54D7C9E899306F6C2FCC
                                          SHA-256:14247059ED01E828C4D30CEF11C89068D734A530E98310D96B3A72B0D1A8F726
                                          SHA-512:C1C2BDE7CA41C62A0CA3B7936DFE6BACC81979E55948684902490F410AD919E39921D7DE28A68EA0F4278CE55607265A124910045B2F1500596499C56B73A250
                                          Malicious:false
                                          Preview:[General]..build_version=22.2.3..build_revision=3143-ed09842299ecfc168285eed9c75148f559a689b3..build_date=20221027175718..startup_animation_instance_id=$SPIN_INSTANCE..[Reconnect]..min_reconnect_delay=5..average_connections_per_second=50..respawn_interval=60..proxy_detect_interval=1440..
                                          Process:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          File Type:Generic INItialization configuration [Pinned]
                                          Category:modified
                                          Size (bytes):4180
                                          Entropy (8bit):2.5024927301967805
                                          Encrypted:false
                                          SSDEEP:24:1rtVMszFBKmi21P6NuJfCMy+WO7zV6oa3MGYqtjW2mY3JQj3FALv1kl:1fMszD5i21icJf9L7jaA2mYZQj+Lv1kl
                                          MD5:3C64CA9CFBCCB1C790E41BACF272EC05
                                          SHA1:8D09A71FF62D0A2B1ABE3C99249DA29374F33979
                                          SHA-256:8B2E0A6B7CC9B6CD94EC34AC43A8CB4EF36D71A122411CB83C076BC4861ECC1C
                                          SHA-512:D84069F2556C0A8F1A095D00A5B4829C331E9FFC00342045356F6D90F4904BC76BBFA35C72D82BC15C3BDBAA61C265EFA28CE55138AAED9E24C065AB8ED52DFC
                                          Malicious:false
                                          Preview:[General]..build_date=20221027175718..build_revision="3143-ed09842299ecfc168285eed9c75148f559a689b3"..build_version="22.2.3"..drone_heartbeat=1713948870..elevation_parent_wnd=..elevationMode=2..elevationRequester=..elevationRespawn=..elevationSuccess=1..install_dir="C:\ProgramData\bomgar-scc-0x6628c8bd\"..instanceID=6628C8BD..online_heartbeat=1713948869..quietUi=0..saved_orig_installer="C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"..sessionKeyType=0..silentElevationAttempt=1..spawnedSessionUPID="2716:c4bb151cad99b933261b8e9d5593cc3e"..startup_animation_instance_id=..touched=1..[Pinned]..AppPath="C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe"..autoupdate_use_app_res_dir=..build_date=20221027175718..build_revision="3143-ed09842299ecfc168285eed9c75148f559a689b3"..build_version="22.2.3"..instanceID=6628C8BE..[Proxy]..detect_failed=0..version=2..[Proxy\bomgar.iws-saas.fr:443\Detected\1]..Proxy=DIRECT..[Proxy\ConnectionEvents\bomgar
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):153160
                                          Entropy (8bit):6.306963090136152
                                          Encrypted:false
                                          SSDEEP:3072:D5872UpzxlNjI+s4A8uTNlEMilg+bhwzQjDNnRkLjxAKX2xR:DSPphzs4AhjeFw+NnkG
                                          MD5:7C289584808ECDA09710B49BD7CE8D54
                                          SHA1:54EF4A97C429DD99BF21AF181355DFB6ACBDD851
                                          SHA-256:657322ADCB0BAB762FA1F09D9DD206DDFC1F7CC886C8E0876A870CD3A302014E
                                          SHA-512:0BE5354DDE44C217F0FD50920ECB8EFA031F5B75C6532A2F5A2347C61963AC8E2A9BD8EEA7C6B6D1BBA6FADD5B28F3E2D23FEFC2388447030201BE95BDFF6EA1
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)-'.mLI.mLI.mLI.y'M.fLI.y'J.hLI.y'L..LI..<L.HLI..<M.}LI..<J.dLI.y'H.dLI.mLH..LI..=L.oLI..=..lLI..=K.lLI.RichmLI.........PE..d.....Mc.........."..........P.......".........@.............................`......0.....`..................................................\..d..............D.......HP...P..8...pL..p............................L..0............................................text............................... ..`.rdata..............................@..@.data........p.......P..............@....pdata..D............Z..............@..@_RDATA...............h..............@..@.rsrc...............j..............@..@.reloc..8....P......................@..B................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1403
                                          Entropy (8bit):5.568486223574158
                                          Encrypted:false
                                          SSDEEP:24:C3vx4Oe5KVyP8ggpdmfciaLUcGLifJkpfBrdwpE7Yic7Bk5C5HfjZn7ZWgn:C3uL0VyPYkfc3DG2ujd57Yv7Bk5CZ9n
                                          MD5:3BE907A6BA81359F4CBEC331B7D6FC0C
                                          SHA1:9B492B01D15058EE41AE1743632613A938CF97F5
                                          SHA-256:6DFD834C976BF37764234C4511CCE887E0666584D879543385442EE6F9E76402
                                          SHA-512:906A91301A42C0BD83FB401515C103E2219A9452E5FC8818F2977B1AE3BBE8CF96954DA3E50AF80CB6D0796C219D558C6AC28AF7AA46FC4BE44973A206728993
                                          Malicious:false
                                          Preview:@echo off..rem start-cb-hook.bat copies the hook dlls to a different directory and gives them unique names...rem start-cb-hook.bat creates stop-cb-hook.bat with these and appends stop-cb-hook.bat.template to it.....VERIFY OTHER 2>nul..SETLOCAL ENABLEEXTENSIONS..IF ERRORLEVEL 1 EXIT /B 1....set ARGS=%*..set EXE_PATH32="%~dp0embedhook-x86.exe"..set EXE_PATH64="%~dp0embedhook-x64.exe"..set TEMPPREFIX=Z@H!....set TEMPHASH=%RANDOM%%RANDOM%%RANDOM%%RANDOM%%TIME:~9,2%......IF DEFINED LOCALAPPDATA (.. set TMPPATH=%LOCALAPPDATA%..) ELSE (.. set TMPPATH=%APPDATA%..)..del /q %TMPPATH%\%TEMPPREFIX%*.tmp....set DLL_PATH32=%TMPPATH%\%TEMPPREFIX%-%TEMPHASH%-32.tmp....copy /b "\\?\%~dp0cbhook-x86.dll" "%DLL_PATH32%" ..start "" %EXE_PATH32% --install "%DLL_PATH32%" %ARGS%....rem write over any existing stop-cb-hook.bat..@echo @set DLL_PATH32=%DLL_PATH32% > "%~dp0stop-cb-hook.bat"....set x64=false....if DEFINED PROCESSOR_ARCHITEW6432 set x64=true..if %PROCESSOR_ARCHITECTURE%==AMD64 set x64=true..if
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1563480973349343
                                          Encrypted:false
                                          SSDEEP:24:saMelmOKEoyAbKxhRCeOXaXF6kCslD6XnXvHX5/1lMO3XHoX5HIlttINM0+FN:bmO37AsRwXaX1/0tMKHoulvvx
                                          MD5:7604363A3DB0D8202ABFD9C16D154D4E
                                          SHA1:6BBA587D800DF3630C1A762422B743B8F8D91086
                                          SHA-256:D732DD994C232E710145E43062E5E085E3897B885ACFB5422B6C395E3295042D
                                          SHA-512:1DD47A4EAEEE8EBFF4A661FEC6943D2D3A59E9C37E90120078FAAF90AD92C4C973F8B1526FDAD20CE4D770220EF49D8EEADFD7AADAAADB1B9057602969229033
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.161308355433604
                                          Encrypted:false
                                          SSDEEP:48:uIKaO37AHIvxIbCrOxRsLOL7LYQb2aQ4IVIe:TKaO3+IKbCrOxRAaQ4s
                                          MD5:0B312FD112C34504680ABCE9FE6EAA13
                                          SHA1:3268FFD8504801A59AB5722A174498691419DDC7
                                          SHA-256:EB3FF2CACD409461C6A8DDE65D278C296745401FAFFFD6ECDCF470E595C98008
                                          SHA-512:2289EE101AF9736320D27FED8DD52F2954DF98208E8B84358BF6468988B714CF6894188945CE477EA43017B250C1B2C8B73F3363FDE560575CE4832B8CFC0519
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.161308355433604
                                          Encrypted:false
                                          SSDEEP:48:uIKaO37AHIvxQ0b1AJRKL8LpLY2Z2oK4urIe:TKaO3+Ii0b1AJR2oK4E
                                          MD5:915B8A9DE4CCEF690B17A5A66B945487
                                          SHA1:9A3D393A91F551446561F8E42E90C0E13C1EB4FC
                                          SHA-256:BD8E3F9CCF7F108DEFDF28C74D238AFA01BD22F119A782497C1FFDCDB0CD0CC8
                                          SHA-512:16DF0E7DC2577FABB2592F514E83574404951BB2A702100238F71E69FAD2E48385B6B1E33C981B028AC6E76B076B1CEF1A57D9D9D2FB030D57465E46E2CFA5C4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1509748470400782
                                          Encrypted:false
                                          SSDEEP:48:uRXkw3/oofUGXjSjSjkjXWWPiBIg72wCbIFcbjobjiT6:Uh3SWWPiBIg72IFcbjobjb
                                          MD5:EBCFFEA1A5E062435B12BAFA37509C9D
                                          SHA1:90D95C3E42901A47CCEBF9038D629D58D6BFEAA3
                                          SHA-256:B41EF27CDCDC734B675F6A057D0130DB083B232C1456DF89F6B29DDCF2E01C45
                                          SHA-512:4DFA9ED7D9C19D06E5D60E036C85658C6CD8EA75CBE08F2BAAD8125E3D3073925CC1E071FF74E4EB1A3EECBD40F94D5DE57ABF6349182DD69E387748E0B31A56
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1484087593385348
                                          Encrypted:false
                                          SSDEEP:24:saO/CogtALKE/KRkKVststshsniSiSGSZHTFZbL1:uhF3/ZSSunzzfZzt
                                          MD5:0DB01E512C8B09FEA1C1BCB93DDF0650
                                          SHA1:75147C7D7256CB4EF2D928BE90A2136171A3B805
                                          SHA-256:B42445F9D216CDEEBB1463F018616AB955FEF00B3F86548D88910CF60C7B5DE8
                                          SHA-512:DC89F30EF3D04BDEA271375CFB5415C08F3CB6B9E72837A9077AF5C6CD76E14F0D219D227D92C74C0DADAEB16ABCE9F8861BF607B5E2757D77CAAEAEB5E9E693
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):519
                                          Entropy (8bit):5.454910701231489
                                          Encrypted:false
                                          SSDEEP:12:cNXKIkJWj2diIk3NmyOYV9hI20STt27Sm3hFc7BThH/hO8+:U1iyOeM20STE7xFc7BdpO8+
                                          MD5:3BF7A702E700E6FBB202DDF6C15D826D
                                          SHA1:AFE2495765BC7FF7F651744CD7DE95A4D594C878
                                          SHA-256:00E023342653F09F87000879C3878A5A2FBCD729FD62330399A3EA693F72AFCF
                                          SHA-512:AB01F5CCA27ED73B1B1E3D7242C2DDFD54FC8BE8C2196FFCED634E85587F0A88273EC323B278955BEB8CA156178FB5ED207944C3080B2A8A10B03F0C53EBED9B
                                          Malicious:false
                                          Preview:@echo off..rem this a template used to make stop-cb-hook.bat. First write @set DLL_PATH32|64 = <path to dll> to stop-cb-hook.bat..rem then append this file...VERIFY OTHER 2>nul..SETLOCAL ENABLEEXTENSIONS..IF ERRORLEVEL 1 EXIT /B 1....start "" "%~dp0embedhook-x86.exe" --kill "%DLL_PATH32%" --site %1....if DEFINED PROCESSOR_ARCHITEW6432 call :killx64hook..if %PROCESSOR_ARCHITECTURE%==AMD64 call :killx64hook....goto :eof....:killx64hook..start "" "%~dp0embedhook-x64.exe" --kill "%DLL_PATH64%" --site %1..goto :eof....
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):53
                                          Entropy (8bit):4.51963554857626
                                          Encrypted:false
                                          SSDEEP:3:D/GjIWtAdASH5Mv:L/d/mv
                                          MD5:CDD19A0D84C85F3449989EAB0BEC0666
                                          SHA1:8E41A62581F879339B83DFC7C84DCF373E86849D
                                          SHA-256:8F77C6A9CE46A37C80E3CFABFFEDCB17F82B5B6E8135F0FD2F40B6E91F6AEF58
                                          SHA-512:85DD96D2E00CFDB5DF2EA695EFC34E3EE5E907DE92147DB6EAC3B184A470363F54AC17748907F9CB6963E8FD4346B7177C01527A8A88EE5CA780B7622BCD73A0
                                          Malicious:false
                                          Preview:cd "%~dp0.."."%~dp0bomgar-scc.exe" -uninstall silent.
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13285190
                                          Entropy (8bit):6.447993359554165
                                          Encrypted:false
                                          SSDEEP:196608:N0+goponpSFBnLD+BOhs4DBtiQsve4PjrVmS:fghpSFpD+rSKvNXVh
                                          MD5:8A570036C3E06CC931196AFC7B440A08
                                          SHA1:BA4B388169EF8060FAD987D1FE07A8CC721E9B1F
                                          SHA-256:11D7DD88FB28B3FF6F35154BBAFEF2960BB9A51A37E199D1733DEA973FCFC33F
                                          SHA-512:10CAC9E3C66DA3EB96382F0114D5256EE14BC108DB5D58F4F14A683CC25BE45F6614B31B7F4A50DA253B718127AE4F1A63B65BB7144F136E1A093CF706EBB12C
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):25368
                                          Entropy (8bit):6.895295268966246
                                          Encrypted:false
                                          SSDEEP:384:mf6rtFRduQ1W+fG8JOMK6jAdyYJDgf2hH:myfuQ19+8JZKgsy0Uf2hH
                                          MD5:D76DF4ED7A935E9E9EFFC492BFABD876
                                          SHA1:EC0DBC1F1619064040DB090072B0FFBC95DB4BF8
                                          SHA-256:2B7A5A8C98358AE32B0BCB468C7142C46CB2BAB5A1FDA11D3EE67D7013476925
                                          SHA-512:206FB7CE8D6E23A66610DE4F9BE6199C7A2611954C243FCD1936BDD898D2A539EDC0881182F37163F121750DCE2FEABCA426C2FDC6CC95CF75B5EBA5681DA0B9
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L...X:.V...........!.................).......0...............................`......"V..............................p2......t0..P....................*...9...P.......................................................0..X............................text............................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25
                                          Entropy (8bit):3.3426831892554927
                                          Encrypted:false
                                          SSDEEP:3:HIVDXYHr4v:HIZIH0v
                                          MD5:63E8819444B404995663B56A82092C11
                                          SHA1:34AD197827749E5CA94A56459B6C037A0645A0AC
                                          SHA-256:1C80BD5520D944C4EF4C586D4ED729BAE4187E2269BB5C7C0B32C025C331A8BF
                                          SHA-512:DA220F961E7C6A0BFAF7C73952721D0A1A5BED175FE1DC16FE78F1CCE93E4084C3A04FCC266D786CB1DF8073A4C5A178EAE26B88490FA51E1238F6C1FBB448B0
                                          Malicious:false
                                          Preview:[bomgar]..bomgar=bomgar..
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1595
                                          Entropy (8bit):7.728745253719493
                                          Encrypted:false
                                          SSDEEP:48:Jv6dMLxyY1KSzsljDDmHnewf2sRsp/wZEzw:QUxyY1KPZXlwu0
                                          MD5:AF304F631DB622566484B5970C1E7C2A
                                          SHA1:5F145DED43A168ACDDD4A18EDEBEBD221C0140A1
                                          SHA-256:A886FB6DE57D4F915E75B37E75220D7941C5FA8CFD04635B3E807DF8452FB62D
                                          SHA-512:BBF40E0D9601E6CCD9A654DFA0719614970721B82D6BEA82D256E607DE221FBDF1BB09B27B82E2A69A141D2C6D4B1FA93D8B70F9FE358EFD7E8B759D73BA0708
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1203
                                          Entropy (8bit):7.738993625119788
                                          Encrypted:false
                                          SSDEEP:24:NUmT1WtYyXiHLMCGIpKJ81YYQ2umQk6OnWkuJV9NlS2oR:WA7ycgCLKJYAQoJV9vSz
                                          MD5:CD021CCBE9692C635BEC0CCA1A8726D7
                                          SHA1:D99C0FA7B0F1213B287304E5DFE92CDD35598E78
                                          SHA-256:4E6D31C815B0D1A80E6E76D597FA260EE4E697F74861C968BA788F3766569991
                                          SHA-512:EC8A90300EC7744CDB37D68B31805F9EA76FAC729F09779B297E6E1E09F24A72B7A7CC0F64D2A358004AD51E5910CB5777A83BB3F16E8FF7764675D7D75400CB
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1112
                                          Entropy (8bit):7.598783751352799
                                          Encrypted:false
                                          SSDEEP:24:S3y/EUN5w8n8cCLsk+g5L2XDV6xVsZexHU4mKDQuDO9s3UCUb:CpUN5iONXDExVsuHU41HOxC2
                                          MD5:E709BBD6FCE9B60807F6AA8167C49EA8
                                          SHA1:98B37B33A250C224F40827677B058F5A0137D32A
                                          SHA-256:7ED8DEEC8AFF2221463176C59C67AA141B5EB9BF3F0BA0798422C88B443EA3B8
                                          SHA-512:4993BB522FAEF3D2CDF48A353124BFFD76086CE81A774E7A31ADC701CC6C1503FC096BF08E8BB9925A36CEFF2D88CCF58CFC0A1A479299B7D8EF64877D09985E
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1144
                                          Entropy (8bit):7.698352941734368
                                          Encrypted:false
                                          SSDEEP:24:S3S4MI2YS2JK6ZyS5cNPXrV+qY06mUFSDtXtyh8kp:CjhtUK2PZ98FSBQp
                                          MD5:9ADE5ACEA3E363FA75ABF118C3BC4706
                                          SHA1:8AD90F2F55ADF178054E2EF6CD47D234BDFBD8A2
                                          SHA-256:35CE1A89D974EDE39FD54BE898E0F5A91E1EA038C521115E06A590933F763D4B
                                          SHA-512:74DCF48E55235E78EBDBAB02F90E8C7EE1AFC88A3EADCC138139E413D087A3036EBCA3C2924E864F87DA1D0596320FAEDB52A897F3F7BA78F01B52A5B9B069BC
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):970
                                          Entropy (8bit):7.585174137113413
                                          Encrypted:false
                                          SSDEEP:24:S3j6jgUBmMRZWKzISSP4pAlIy1EH9avEIzb2c:Cwgcmgbz8llI1avEIWc
                                          MD5:4263D844C484B0FE56B1F36AAE7B5A51
                                          SHA1:A37EECE9C00A33240F7F2B27A88EA0C6A430B925
                                          SHA-256:6407A4AE08A11CC7925EDCD26EA01BFCBF551607F72D481C34838C2EEB277046
                                          SHA-512:8458E288C18C5840C7383F72A68B714896CC50733E18A099A1553152754B3D3A914DDFD8F1A9EF60BFCCBE76DFDE64BB44C737AA78E8CAC37793CC0C9C01B6D3
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):969
                                          Entropy (8bit):7.606184373841091
                                          Encrypted:false
                                          SSDEEP:24:ApVJT5PPm0HoH3bc1vLdhc+Y4D2V6yk/BG9Mz:KfPm0HsohPA4qL9Mz
                                          MD5:81CACD52DF7B613A6BDAADB532905ABA
                                          SHA1:9F08A158A84B8D80562DD0611CB87045AE6D6E23
                                          SHA-256:BD71FEB5B38FF11CAF72A0FA3887E318F670CB5D45321A65B2D83CBF38EB9D23
                                          SHA-512:A14E3056AA3C37E3CED45F1BEAE0DA7A4DB24A3DCE93B63A31345715EAAFA8215C9E6D3B00D8E09CA07AFC5DF2E4BD7F8548CD4ADB20A9AAE32AE2DDA64EE52F
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):10737720
                                          Entropy (8bit):6.403400194435886
                                          Encrypted:false
                                          SSDEEP:98304:h3K+0pSFBnLD+kyvOhgNQqz2BDActB/sQN6soe4vHuY:ApSFBnLD+BOhs4DBtiQsve4X
                                          MD5:B248920D9FCF8A0CFE21004D62645F65
                                          SHA1:F9D575237A86BE5CC7AC457AFB0840E4A4BBC75A
                                          SHA-256:EE030165EB9FDBCBA509CD247DD9285777311390C5E20A65D048D41EDF7F0558
                                          SHA-512:E3F28A26237E13361A4E18808DB1697F6B6743261614FFCA6FF848514379834B8E745F5C0FBDCE8D67D4B2996140B69E1F2A84DA29FEB7AF0F01836CF75855C9
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):2599
                                          Entropy (8bit):7.8851491293625875
                                          Encrypted:false
                                          SSDEEP:48:9VaRpbiNJEYkGMF0RRnvzyYdHkkyk2a5NbDG1f3L7GLUrgU3vu9BnduDFU1:OR1DGMF07yakLMbD+fb7wUr1f+nwD0
                                          MD5:4C610F2C454EC9E9FF63D34D5676FBB5
                                          SHA1:0D9D980624AFD8948B44BF524CD441F111EC0637
                                          SHA-256:A751FDD03854A217B14136D9B9AECB9444B62FA0EF71A008DB66703A8CB26FDC
                                          SHA-512:B7A6EAAA937C25FAB2469B56EB8DC92250B7AB3FE2EC133F40E902327C671AA978FCF23E7BA8DFA90762ADE6A819DDCD8DDBA239724273AC7A0B06C615FB6645
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):3263
                                          Entropy (8bit):7.706962757375828
                                          Encrypted:false
                                          SSDEEP:48:S/6JSfUVceCmDrC7XVMszrKznG6baPZKXOORQfAWO1CM8pmBHJ9KbxLwuNbOBjPc:SSJWUxC2+LH6bA2Rg/QCBmjAbxLtNqBi
                                          MD5:41529DE2E2AB466FCDF7C88809EF708E
                                          SHA1:3834A44751FDD268780EF101B96B678873EF8493
                                          SHA-256:9C953F11AD2EE7E7495E71747EBA1BB85002FCC13E0DD91123D24019CF5E367C
                                          SHA-512:56AEA014D3D68E184E1755ECD70590E270FCBF3BBD460565959CC69718025667FF033B794F42B6C30982917935B6AB1A5D4D2472F41FEAC3099A8F88AEFC6B8F
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1133
                                          Entropy (8bit):7.754045849146013
                                          Encrypted:false
                                          SSDEEP:24:av8klyUzGi0CF3foxlchpLz6YznEEcNa2:akkkUzfpNfwopySnE9Na2
                                          MD5:49FF076243C05AA6C44AE526925F966A
                                          SHA1:6BF0BA5C6AAF838E542494ABA72848E56DB4871D
                                          SHA-256:79E39B353C0A9424F74356B423DE9C7D4F5FC98DF8A70C40909C8E3BFAF6FBCC
                                          SHA-512:4134FCC1284088D699412B031EB251FBFB980E0E6C281FD9948B38F2CDC8EC6D66F327B3BF1F5EB68C87587540C2D5A60341CA9186F909E822502C8D3C9C8A04
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):3851
                                          Entropy (8bit):7.932174020309697
                                          Encrypted:false
                                          SSDEEP:96:59esNVCDaZ7u/847WmyHf7ahi2waztHHQG:jvjqhyHf7aY2XnQG
                                          MD5:C280D0EE8C186E77DD3EF60BFC66C57D
                                          SHA1:57A03C32D25DF8153C507ED427D12FC71C4A0AB6
                                          SHA-256:DFB4A7AB6125992A5E5B4DA32E96612F317B7B354486FB3E8DEF18536BF30074
                                          SHA-512:BC614A530781AAFF295EB99C9FA752A41D046DDF9434A6B088219155A9CF9F193CF39797DE4852E08AC0BB49014AA4A86DD3D27EB82C2D9699567734EE0640E2
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):140368
                                          Entropy (8bit):6.261866966050347
                                          Encrypted:false
                                          SSDEEP:3072:df0uqjrc1lIBbnuSc3J5wo1J/M6Eq5J9MyljxAexV:d/qj7BbnuSIJ5zJA2J9H
                                          MD5:2A5FE7CF943E363DC5F941785B9174BA
                                          SHA1:265AAEEA7DA1FB20242F93B28204F006ADBA3F68
                                          SHA-256:BCBAE69A672226CC42E39AA0E95B8341A4620779CB78013FE00C10C17EC9A86F
                                          SHA-512:133DA5A8723A9A7EEC9B140697DB1B838C3475F5AD82C6658143EF2FAA244BF9810704AD392B1408727AEB42AB5686456E05FC6F602749EF6CF9301CD89B4936
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):120888
                                          Entropy (8bit):6.602078409312557
                                          Encrypted:false
                                          SSDEEP:3072:9fCkT1flCi+mRiyun1pufdUFwFEjxDQXEO:lRp6mRzun1p4g+EO
                                          MD5:56AD2BBCD017461E5E568B9935CD33CC
                                          SHA1:D02D0F43E3296D362E14ED984AA3615AAF9FFA56
                                          SHA-256:0F324237C6B48DD08DE812BE6A3BF27E6F792BF1EB653087ED2D97AC816A8AC3
                                          SHA-512:73C42A2078A3D8881F7C40E43BF8BE7942C24BE2E61029CEE6D74B5DAB54569D1F2AEAA8B30D7D3D3E36724884BF88EE2727095087056D3F6812FA59934CD521
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
                                          Category:dropped
                                          Size (bytes):19856
                                          Entropy (8bit):7.234889712783669
                                          Encrypted:false
                                          SSDEEP:384:gj1zxomdMuL4O0jwDKoNZLCctbCdwrRfaKdSTyyBdu1cD:6nX4TwGoNJCctAwrdajTyIJ
                                          MD5:08071F39F4EB5F201776D297F16DD75D
                                          SHA1:3682E976A137EBC52D2998404003B908EA7772C6
                                          SHA-256:9D11DC231676F783BE1C370178CA63FDC3AAD5536B1791457AA2EEDF08553E34
                                          SHA-512:E19CF7C8C51413EBBBB31C8E8B53E41789E55877034E91EB4EA1477CF899AB7943B1F1E9D4E410276F7F0A603E232E6F80CCF9F804E90B01194C4B0E49F42713
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):1262136
                                          Entropy (8bit):6.408879577930645
                                          Encrypted:false
                                          SSDEEP:24576:fBx5cCsXt2c4uQ/xEbX/GQFoycZvMksJD9+AiTMm:f474ujz/GQFzgvMB9+Tb
                                          MD5:C77E5EDDE813462A7459250292420BEA
                                          SHA1:88B73ED10761E93BC05BA1E361C89570D0E5E642
                                          SHA-256:B9BB65F8E1E27976EA1CB01AE137F4664309E222C229481DEA8CB181FE0D676E
                                          SHA-512:C8222F0935049F509F34B2593D6E66B6C493DEB0F0BD36DE66CB2D6B33B36CC48F76694F7D57D8760B0FBD60C5AA0581A57EC7E087268A774EEDAA0DB6056493
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):115256
                                          Entropy (8bit):6.197414408992922
                                          Encrypted:false
                                          SSDEEP:3072:ttf1W205Vw0nV/09+C5JoTqIMMFUFXeqjx4aEG:Y2ofV/tCiQEG
                                          MD5:3E6E01471AE13FB8328C441FF74B7288
                                          SHA1:02329A1030365262737D002DE951E1B634B7E9C9
                                          SHA-256:C6C016888759BDB58474CAE38C9A71F32C59093AF909F50D397E9DE736A569C5
                                          SHA-512:A534D6A0634993CC80274ADD778656D74FC737C7609AC65AE24BB1FC5A5ACD51125CCC52786E34F3F5993FBFB3FEAC6AC2086319828021F80A7E0180379CBC84
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):102968
                                          Entropy (8bit):6.594961793087062
                                          Encrypted:false
                                          SSDEEP:3072:f0RwR1rfGM0+n+qnzVvttyrh8u2EDGeBFrGDl9H2jxM7EO:f0RwfxtzVDmau2EKfH1EO
                                          MD5:084EF2918B7C5BE348815088CD74FFF0
                                          SHA1:ED53A78D095C9A14967D4D2D171126150CD92932
                                          SHA-256:8F06B9F5F97A080E3AE4C4E536C8C57D59C8C96C45E1DFCFD0F4108E7DA0954B
                                          SHA-512:33D8313584A68E8D56AC2C129EAD8E1BA44CFDEA052643E085B807749D8B83034B8D08B848593FDFB24EE72EAA2F11B8A4CBE85078BDF787907093D95CA1D7B6
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1507
                                          Entropy (8bit):7.071641489765068
                                          Encrypted:false
                                          SSDEEP:24:Gy1hpunQWwjx82lY2T3gV82xyJ3VBYr5EGrd66v51xTa0ZSyzVdDFfPPjdU7:GwitNn2cbQJ3n5odnnxvVLfjY
                                          MD5:0E2703DC00F5FF823D620EA8FE1CAD23
                                          SHA1:AF5E7B48B02CD0E2BF82EA9668F9F0CF2E2BC27C
                                          SHA-256:36B4FFCC8D0B3271D1764D76C752BEACC15B7F1715BF569F065269E2FF0B61D7
                                          SHA-512:817916F44FB3DEBB06F0829ADB2C275930C9948729C49FDCA678DBD069B0469C8AD8322FD2AEF585B7C7416D824DECB6E43FB1DCD065F0C71BB31E3DCFCB995B
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):963
                                          Entropy (8bit):7.563029008936511
                                          Encrypted:false
                                          SSDEEP:24:n/57iz8+fdXEQ57P3dtLuT5XI1mPnHoa2lFRYGQv/Z2zMZEMsjU:J2l0Q5bttLuVXUGINRY52wZEzw
                                          MD5:AD5151C4B945CE6FD19812980EAFCB9B
                                          SHA1:4761B975A69B8F019356F7DE965301673C35CBAA
                                          SHA-256:153C8DA23E2D15C8CEF64284FEB955AE46DE9D6547243F6474A5113695A84595
                                          SHA-512:4BA90963B9C7613374D9C56E30FDF1FEB2F9798C7CF8A891FD06FB5FF6EF80F9E7DD0283F7C3EAD15F365CC3F5979F375FD30EB0B95C07FCD4887ED7F2454F50
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1266
                                          Entropy (8bit):7.576476008724102
                                          Encrypted:false
                                          SSDEEP:24:n/LpTDcGCXT8As4juEgiJWwl8eLs0n/hCy/gax9cDHMzMjjIvEMsjV:BDFCgDzEFJr2KsA/oax9kHMwPIvEzZ
                                          MD5:D3F22CF408EDBAEC2F731C6941632C1A
                                          SHA1:1E8D6229FF6663404416AAA71E2980CCADA6F1D8
                                          SHA-256:09C71353207ED86E5277F385D255C83E880E2C508E1D4AD98797D25E4F76F349
                                          SHA-512:662FB841C1FCC4C8C87ACEB75E1213606219B95E7374143EC51E58F92EC9518A838B76CB2620ADA30047EA9B9F401845F8959C5502654D99E1643AD054071E03
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                          Category:dropped
                                          Size (bytes):58224
                                          Entropy (8bit):7.610540877002438
                                          Encrypted:false
                                          SSDEEP:1536:QzHJNlD/8LkEsd2/AgnzZIzkOpSUBitMolg:ENh8LkEsk4gnzZIAiSMoi
                                          MD5:3DB154797700E68E9E8E9BED55A7F2AE
                                          SHA1:8C3464BC95A3C1AC2A880E3D25763FCE595544F4
                                          SHA-256:CB2F2418945ABF8169C15164274B30E957B0F302F6B732E03FC624E5542408BC
                                          SHA-512:D012EA10ACA0B047473C7E72B828876BBDDFBD02206A48198F11A95E28CBEB315F0F5270AB6B7B43728B0B2CE5F609A58CA16D20DADB6512428855DD5695358C
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):65
                                          Entropy (8bit):4.587226082026236
                                          Encrypted:false
                                          SSDEEP:3:D/GjIWtAdASmL4MMv:L/d/1vv
                                          MD5:71D2AAFF7A2DB28EC9C4C69FB932449B
                                          SHA1:998F78994B4DA4E8B49E6E0CF0EC63A40C96A73C
                                          SHA-256:6213F323269B7DB7BE0857F983C394D69C8EA2F6981014C54E36F7A7AB9C19E5
                                          SHA-512:1D5FEF1EF55E48EB507DF0382E0D3554098E2A05E5FA90557C2BE243B5D186FE1EDDA9F3354067828AD5AD35B399EC1713A36AF011CB97EC18D5595ABF912B0D
                                          Malicious:false
                                          Preview:cd "%~dp0.."."%~dp0bomgar-scc.exe" -pinned win32uninstall silent.
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5182
                                          Entropy (8bit):5.727900250139019
                                          Encrypted:false
                                          SSDEEP:96:rTp8xzWk7V7r50q/ToDCjqviFWDzrPI1Rk5DPkD4PuPWP2uyfRLIh8RSCPZ:rdOWkc9DCjqvJPrw1RkVqehix
                                          MD5:C4986AD5F37B553F0EDE22837149CD6F
                                          SHA1:C7AE33E53C75A800B2C8FAF43EF2859632E11E49
                                          SHA-256:A6B5353F549693F4DA3FB23B90E2DA1C4785F20459ED21C3356EE93D16580A87
                                          SHA-512:E73CEB3272763D4CC471E0EEAC5CD790C20C494BB30E28990CDD7AA314ED6675CEFC783963963FD51F649AE6395759D73C438559400378C9BA751DB0D700AA41
                                          Malicious:false
                                          Preview:BRDF......22.2.3......c[....en-us....................j.... ....ABR_REP_COMP....#ABR_PRODUCT...../....APPLIANCE....Secure Remote Access Appliance.....%....CALLBACK_BUTTON....Support Button.....'....CALLBACK_BUTTONS....Support Buttons..........COMPANY....BeyondTrust.....z....COPYRIGHT_NOTICE..c.Copyright . 2002-#COPYRIGHT_YEAR #FORMAL_COMPANY. Redistribution Prohibited. All Rights Reserved...........COPYRIGHT_YEAR....2022.....-....FORMAL_COMPANY....BeyondTrust Corporation.....!....JUMP_GROUP_FULL....Jump Group..........JUMP_GROUP....Group.....#....JUMP_GROUPS_FULL....Jump Groups..........JUMP_GROUPS....Groups..........JUMP_ITEM....Jump Item..........JUMP_ITEMS....Jump Items....."....JUMP_SHORTCUT....Jump Shortcut.....$....JUMP_SHORTCUTS....Jump Shortcuts...../....LOCAL_PUSH_JUMP_ITEM....Local Jump Shortcut.....1....LOCAL_PUSH_JUMP_ITEMS....Local Jump Shortcuts.....(....LOCAL_PUSH_JUMP_METHOD....Local Jump..... ....PINNED_CLIENT....Jump Client.....,....PINNED_CLIENT_JUMP_METHOD....Jump
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Category:dropped
                                          Size (bytes):73696
                                          Entropy (8bit):7.264659030360537
                                          Encrypted:false
                                          SSDEEP:1536:HRPYqa5pic6jXFdL2KiMcMmMLzKQH0A057PPxr7JEHUZ:xPA6jXFN2MclMLzKQH05jxr9E0Z
                                          MD5:DEF72A90AB3F462C53EA19B534E705F7
                                          SHA1:5807D96C3F300321C53B31F1801FA984F874157D
                                          SHA-256:48F4C6623AAE345014021EC41BE843F04B7854D6658D62B9A3C3A5B0D2345D01
                                          SHA-512:C3F6D63113E4628C18E696FE99D9D11D131AF74194EA02F47546B63A1EF8183031E6CDD702502D554FCB7F3E71CFEB847D2A04B1D7925A5B1D6F1C746CC73B0F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):33360
                                          Entropy (8bit):6.916869367056256
                                          Encrypted:false
                                          SSDEEP:384:QhcvUaRk5QzPbW/9wWo2IYiZKjNyb8E9VFDPxSJvIYiZKyT5Pxh8E9VF0NySR:ECi9iYiCEJPxSKYinPxWEs
                                          MD5:DD5B8D870BBF54305E4E33B77BE453CC
                                          SHA1:3C2D9B77831E156E485541DBE62520E8C9075673
                                          SHA-256:8A302FD6DD7623513754189E935A846EB0ED2650D04DA569AA8CF21EC89C2C6C
                                          SHA-512:7E5D97956AA8502F4EEBE0F8ACA44BACE96E3708AF4CAB4CCE0558070CCEFCF348CFF8EA4F6D6F62845E657E8D83F38C6ACDD19027D521CE9C39A2BA4F69542F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):2137
                                          Entropy (8bit):7.8159577929553326
                                          Encrypted:false
                                          SSDEEP:48:C4f69t9Q2Hn7lP2b19DT0mRUTyN39yRt2/:C4i9t9VH7lPQR/iTy/yz2/
                                          MD5:BC5A365CE42DD94114762E65738A6FA7
                                          SHA1:6B67704171A112E6377913726B402E2655D4D5A4
                                          SHA-256:3B464E84EC9BB94DC5159D3FB865E887507D622E2B97C6A42187780C41E898B9
                                          SHA-512:AD1DED7236A989C9033F6D888E2F619649031ADC10775E57F3247E4565BBF95CD04A7A9E92436C806589447F436F9D306FF7A14B20A1294E502D07F6431256AF
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1165
                                          Entropy (8bit):7.60995073664814
                                          Encrypted:false
                                          SSDEEP:24:NV4hZPHUnaspPBQeZEWowdYuYuYsFT/qyvEJggj7vqgqXgQCu7ky:jbnasNB5ScdLLPTiyvGD7ygqXVtr
                                          MD5:5035F9D46B6FAD0AC28377AAD527D9D8
                                          SHA1:F2B0A2F3D343499F96082F693105184AECF25D5B
                                          SHA-256:6081301FE9E631E8E64E11DF3C004F17F3517A3B50FD2BD61C678D46EC13E91E
                                          SHA-512:49F247F3C3657957C5744530C7474C9689CEBB87F2E306D0B8E69F0B4045B9541C1703833CED457F579ABBB9B4C8B8AD00DE541F461D8AA1BB1FAF18C024F042
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):12131
                                          Entropy (8bit):7.763731347796219
                                          Encrypted:false
                                          SSDEEP:192:P8iMjGEJRe0knM0QB8V+qEtQzKSqLsNZFWPFZ28EfDMumCRuHt:+GEAn3Q+zEtQzgsNZFAfbE2E2t
                                          MD5:BB64E025269B39754DB687D6CCEE1011
                                          SHA1:EE19BAFAA0CD8AEBCC73AE7CCD6C6656F6E7311F
                                          SHA-256:567EA2248F55577ECE97CFEB36CFF649C777487BF785CF3A0D116468E8584803
                                          SHA-512:DA4FC769D672C64555AC726383E3FF22600F00150EE33E6F95F33247CA6693A1D4FDC2AA591181C774D4982EB4147F94F6067116537941ACA2C5F5B60ABF80AA
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):11518
                                          Entropy (8bit):7.748157744603988
                                          Encrypted:false
                                          SSDEEP:192:rsfCYp9sF2lIrWTgolT1Ng9WGFkaeo7oyn/Wz8CufKUHFN5E1HGpUCQ6/Ab47qyE:pnblox1Ng9WGFkaeo7o7z8CcKuXzG6/E
                                          MD5:E7F345C660F7810A244B680DC837B7EA
                                          SHA1:0EA4245220209E00EDFF10C322EA92A5C5A00A67
                                          SHA-256:66024A8358B391178028019755AA7A38178AAC74324B45B28C7E706F80A69617
                                          SHA-512:D63D747F1F4CC3A0410889CFC87700910FCC98CAA3E28298B6CF37640272F01E71FBB2CA1D88560D5C3D8569461819AC89AB953BB78FEC5452B931ED5CBD7B6E
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):13186
                                          Entropy (8bit):7.785415595528847
                                          Encrypted:false
                                          SSDEEP:384:ctuNslmClFUjiIjvXvCqTf3FOdgO+FP9wsK88i7TxN:ctu4lFUW8/CqLFmgZKsK2b
                                          MD5:8EAE4FC3A16A7EED2268E295A420A0BC
                                          SHA1:1170653FFB4E915B4FFD3A142B62A57C20E0FEAF
                                          SHA-256:7A90830D5EEDC789E89DED68482BDB5CB250FAAC2B6375009912815EAE3FFD1D
                                          SHA-512:6567D2BF4102D97ABAA33BD35EAB8929BB9F3804AA9928F75823F10BB5F80E868C82D7A634D3D8FD54A28E6E9FF98B3EA716F2AD9B876127352F631D0367CF45
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 1500 x 200, 8-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):2146
                                          Entropy (8bit):7.178988398026767
                                          Encrypted:false
                                          SSDEEP:48:cAhKPeoPLCWlriRSJ40W0wIFDh2Ua+pU8+S4NhF84PM:jAmoPxiR8PbwIFN2xb8m84PM
                                          MD5:42F5496EFF0F04BB66C9F70267555DA1
                                          SHA1:3C6CDFAE05900E643F1B3D2753ACA7FA0E372054
                                          SHA-256:60ACCAAB72E7064B7A4748BF4225FD66B1B89EF2AD588725D05E5B4D297AF5B3
                                          SHA-512:8BBB1BEE0B9C996EF3698FCA4A86682E9B91C74F6448E7E8CE0676906E225600AA09A49B3C83633E4FA4C230FD5D4D1E601F8B5C5247862F0796D7E7FCF97481
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):4179
                                          Entropy (8bit):7.942893504616903
                                          Encrypted:false
                                          SSDEEP:96:Dq5kjYyaAYVIxQkF1AiLZ1NexiPojp3WkJ+iBBBL:DMesVIxQkPzIig93Wq
                                          MD5:BA726D8E0200BE75DF19278705D16F6B
                                          SHA1:90290E095F5F795B5BE39F3423B2690866AAD5C0
                                          SHA-256:7B28F3F46E4886B47C65ED67B01CB5798D2F7DC4FF4DB7BD047E35E3472ABC0E
                                          SHA-512:92262CA896E3C1ED9240B236E3D65A02997A13D21164AA902DC2B01E464C196EA1337E4BEBE3CF5B10C30FB25C4E9E5BB00E223027219C6386E4383FEED328B5
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):3202
                                          Entropy (8bit):7.89996341707749
                                          Encrypted:false
                                          SSDEEP:96:WCuJNAArrHAcjzEr4iQS0sWOtnyq7L4tW778:W1hrHHfER0CpR4t7
                                          MD5:7846E95EE2757C9421DBE5A4B57CD105
                                          SHA1:07C091FC1062DB5C15B8E6E24622047E24CA2C44
                                          SHA-256:46BA0C5A3C5230F17CE61A2F6A30B4B7E920EA69C1FEC03A298C369F5F271AC2
                                          SHA-512:C27604D081C9918D9E49663BB1217879D0F9D08E85E6990097C2AAE2E91AB25773FD44DA1C827B72A9CFC450ED6E8E687F095172509C4A546C13A2089B30839F
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10046
                                          Entropy (8bit):7.98083040753861
                                          Encrypted:false
                                          SSDEEP:192:rTNiy4dqF2CjxJkng5thWvDYMYEGvKSjCKqp:li7qF26u+4YHXGKqp
                                          MD5:F4F1B96913CCDDC1F38A0EA63B0A99EF
                                          SHA1:4BD289E4C539530B32D6F77E74E050B44AFE4DA8
                                          SHA-256:AC6A99CDAE077D757ED20B9D9AD404313F0DFD45EB7F2992285D84D6846E4C43
                                          SHA-512:D543FC196C8CF2D1057788EC6B915B660B267ECAE568D4DB8FB50EED707DD9607BFC80F1C3306093ED761C8DBCFB2A0BBBCC58B3F616363CE136EC9B1CD291CC
                                          Malicious:false
                                          Preview:Bomgar Software License v09.11
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4192
                                          Entropy (8bit):0.3187850124364706
                                          Encrypted:false
                                          SSDEEP:6:1dy27HsssssssssssssssssssssssssssssssssssssssssssssssssssssssssS:1I2jP
                                          MD5:479ED25562615D5801F43833B150F185
                                          SHA1:F2F4FB72ECE325A71C9743EE19792EAAFBD28D17
                                          SHA-256:6F18615F73B4D22CE59005AC7587BB595AD20D3ED1CC42D6B8838F3966276630
                                          SHA-512:D1EFB3F20138C43B4A12E6E4368CB5F384918A335C066F06D45EDCB28C095BBF652637A26506605547A1DDFD72860BDF5560264711B8C6A600C9BB8C82428524
                                          Malicious:false
                                          Preview:[General]..instanceID=6628C8BD.. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:Generic INItialization configuration [Reconnect]
                                          Category:dropped
                                          Size (bytes):288
                                          Entropy (8bit):5.1137351157022
                                          Encrypted:false
                                          SSDEEP:6:1IX3J+hIAdfeZKVTJ4DG7r6KSX0wJ8C+g5KMJPzy:1u+hIAEZKVTJ4avLmCUKMdzy
                                          MD5:4A85F7C0E61249120DDABADD92E180DE
                                          SHA1:18D33673A6C8AC2B0A4D54D7C9E899306F6C2FCC
                                          SHA-256:14247059ED01E828C4D30CEF11C89068D734A530E98310D96B3A72B0D1A8F726
                                          SHA-512:C1C2BDE7CA41C62A0CA3B7936DFE6BACC81979E55948684902490F410AD919E39921D7DE28A68EA0F4278CE55607265A124910045B2F1500596499C56B73A250
                                          Malicious:false
                                          Preview:[General]..build_version=22.2.3..build_revision=3143-ed09842299ecfc168285eed9c75148f559a689b3..build_date=20221027175718..startup_animation_instance_id=$SPIN_INSTANCE..[Reconnect]..min_reconnect_delay=5..average_connections_per_second=50..respawn_interval=60..proxy_detect_interval=1440..
                                          Process:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          File Type:Generic INItialization configuration [Pinned]
                                          Category:dropped
                                          Size (bytes):4176
                                          Entropy (8bit):0.7422913103076907
                                          Encrypted:false
                                          SSDEEP:6:1dy27AJwkn23fRVWY/dbEjLgQDV5xvEy27Hsssssssssssssssssssssssssssss:1I2Jf6G1KVfvl2jQ
                                          MD5:D3B958565ED2242D1D158B03342E1CD2
                                          SHA1:5177A113726916F26CA190DA0C7726B0B2076FE3
                                          SHA-256:F2118949FCA39521D9CCAAD86C4116601EB5C597237413189E6474FF3C91685C
                                          SHA-512:9DCDE6DF5FED88AB6001EB291F0E1F61BF54EF5E3DD88924B391671EAD9D8ED97162F2BFFACC90B60153A1FCB3253DD44A039ABC903342DFBA4F832AE1107B9C
                                          Malicious:false
                                          Preview:[General]..instanceID=6628C8BD..[Pinned]..AppPath="C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe"..autoupdate_use_app_res_dir=..build_date=..build_revision=..build_version=..instanceID=6628C8BD.. .. .. .. .. .. .. .. .. .. .. .. ..
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):153160
                                          Entropy (8bit):6.306963090136152
                                          Encrypted:false
                                          SSDEEP:3072:D5872UpzxlNjI+s4A8uTNlEMilg+bhwzQjDNnRkLjxAKX2xR:DSPphzs4AhjeFw+NnkG
                                          MD5:7C289584808ECDA09710B49BD7CE8D54
                                          SHA1:54EF4A97C429DD99BF21AF181355DFB6ACBDD851
                                          SHA-256:657322ADCB0BAB762FA1F09D9DD206DDFC1F7CC886C8E0876A870CD3A302014E
                                          SHA-512:0BE5354DDE44C217F0FD50920ECB8EFA031F5B75C6532A2F5A2347C61963AC8E2A9BD8EEA7C6B6D1BBA6FADD5B28F3E2D23FEFC2388447030201BE95BDFF6EA1
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1403
                                          Entropy (8bit):5.568486223574158
                                          Encrypted:false
                                          SSDEEP:24:C3vx4Oe5KVyP8ggpdmfciaLUcGLifJkpfBrdwpE7Yic7Bk5C5HfjZn7ZWgn:C3uL0VyPYkfc3DG2ujd57Yv7Bk5CZ9n
                                          MD5:3BE907A6BA81359F4CBEC331B7D6FC0C
                                          SHA1:9B492B01D15058EE41AE1743632613A938CF97F5
                                          SHA-256:6DFD834C976BF37764234C4511CCE887E0666584D879543385442EE6F9E76402
                                          SHA-512:906A91301A42C0BD83FB401515C103E2219A9452E5FC8818F2977B1AE3BBE8CF96954DA3E50AF80CB6D0796C219D558C6AC28AF7AA46FC4BE44973A206728993
                                          Malicious:false
                                          Preview:@echo off..rem start-cb-hook.bat copies the hook dlls to a different directory and gives them unique names...rem start-cb-hook.bat creates stop-cb-hook.bat with these and appends stop-cb-hook.bat.template to it.....VERIFY OTHER 2>nul..SETLOCAL ENABLEEXTENSIONS..IF ERRORLEVEL 1 EXIT /B 1....set ARGS=%*..set EXE_PATH32="%~dp0embedhook-x86.exe"..set EXE_PATH64="%~dp0embedhook-x64.exe"..set TEMPPREFIX=Z@H!....set TEMPHASH=%RANDOM%%RANDOM%%RANDOM%%RANDOM%%TIME:~9,2%......IF DEFINED LOCALAPPDATA (.. set TMPPATH=%LOCALAPPDATA%..) ELSE (.. set TMPPATH=%APPDATA%..)..del /q %TMPPATH%\%TEMPPREFIX%*.tmp....set DLL_PATH32=%TMPPATH%\%TEMPPREFIX%-%TEMPHASH%-32.tmp....copy /b "\\?\%~dp0cbhook-x86.dll" "%DLL_PATH32%" ..start "" %EXE_PATH32% --install "%DLL_PATH32%" %ARGS%....rem write over any existing stop-cb-hook.bat..@echo @set DLL_PATH32=%DLL_PATH32% > "%~dp0stop-cb-hook.bat"....set x64=false....if DEFINED PROCESSOR_ARCHITEW6432 set x64=true..if %PROCESSOR_ARCHITECTURE%==AMD64 set x64=true..if
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1563480973349343
                                          Encrypted:false
                                          SSDEEP:24:saMelmOKEoyAbKxhRCeOXaXF6kCslD6XnXvHX5/1lMO3XHoX5HIlttINM0+FN:bmO37AsRwXaX1/0tMKHoulvvx
                                          MD5:7604363A3DB0D8202ABFD9C16D154D4E
                                          SHA1:6BBA587D800DF3630C1A762422B743B8F8D91086
                                          SHA-256:D732DD994C232E710145E43062E5E085E3897B885ACFB5422B6C395E3295042D
                                          SHA-512:1DD47A4EAEEE8EBFF4A661FEC6943D2D3A59E9C37E90120078FAAF90AD92C4C973F8B1526FDAD20CE4D770220EF49D8EEADFD7AADAAADB1B9057602969229033
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.161308355433604
                                          Encrypted:false
                                          SSDEEP:48:uIKaO37AHIvxIbCrOxRsLOL7LYQb2aQ4IVIe:TKaO3+IKbCrOxRAaQ4s
                                          MD5:0B312FD112C34504680ABCE9FE6EAA13
                                          SHA1:3268FFD8504801A59AB5722A174498691419DDC7
                                          SHA-256:EB3FF2CACD409461C6A8DDE65D278C296745401FAFFFD6ECDCF470E595C98008
                                          SHA-512:2289EE101AF9736320D27FED8DD52F2954DF98208E8B84358BF6468988B714CF6894188945CE477EA43017B250C1B2C8B73F3363FDE560575CE4832B8CFC0519
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.161308355433604
                                          Encrypted:false
                                          SSDEEP:48:uIKaO37AHIvxQ0b1AJRKL8LpLY2Z2oK4urIe:TKaO3+Ii0b1AJR2oK4E
                                          MD5:915B8A9DE4CCEF690B17A5A66B945487
                                          SHA1:9A3D393A91F551446561F8E42E90C0E13C1EB4FC
                                          SHA-256:BD8E3F9CCF7F108DEFDF28C74D238AFA01BD22F119A782497C1FFDCDB0CD0CC8
                                          SHA-512:16DF0E7DC2577FABB2592F514E83574404951BB2A702100238F71E69FAD2E48385B6B1E33C981B028AC6E76B076B1CEF1A57D9D9D2FB030D57465E46E2CFA5C4
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1509748470400782
                                          Encrypted:false
                                          SSDEEP:48:uRXkw3/oofUGXjSjSjkjXWWPiBIg72wCbIFcbjobjiT6:Uh3SWWPiBIg72IFcbjobjb
                                          MD5:EBCFFEA1A5E062435B12BAFA37509C9D
                                          SHA1:90D95C3E42901A47CCEBF9038D629D58D6BFEAA3
                                          SHA-256:B41EF27CDCDC734B675F6A057D0130DB083B232C1456DF89F6B29DDCF2E01C45
                                          SHA-512:4DFA9ED7D9C19D06E5D60E036C85658C6CD8EA75CBE08F2BAAD8125E3D3073925CC1E071FF74E4EB1A3EECBD40F94D5DE57ABF6349182DD69E387748E0B31A56
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1484087593385348
                                          Encrypted:false
                                          SSDEEP:24:saO/CogtALKE/KRkKVststshsniSiSGSZHTFZbL1:uhF3/ZSSunzzfZzt
                                          MD5:0DB01E512C8B09FEA1C1BCB93DDF0650
                                          SHA1:75147C7D7256CB4EF2D928BE90A2136171A3B805
                                          SHA-256:B42445F9D216CDEEBB1463F018616AB955FEF00B3F86548D88910CF60C7B5DE8
                                          SHA-512:DC89F30EF3D04BDEA271375CFB5415C08F3CB6B9E72837A9077AF5C6CD76E14F0D219D227D92C74C0DADAEB16ABCE9F8861BF607B5E2757D77CAAEAEB5E9E693
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):519
                                          Entropy (8bit):5.454910701231489
                                          Encrypted:false
                                          SSDEEP:12:cNXKIkJWj2diIk3NmyOYV9hI20STt27Sm3hFc7BThH/hO8+:U1iyOeM20STE7xFc7BdpO8+
                                          MD5:3BF7A702E700E6FBB202DDF6C15D826D
                                          SHA1:AFE2495765BC7FF7F651744CD7DE95A4D594C878
                                          SHA-256:00E023342653F09F87000879C3878A5A2FBCD729FD62330399A3EA693F72AFCF
                                          SHA-512:AB01F5CCA27ED73B1B1E3D7242C2DDFD54FC8BE8C2196FFCED634E85587F0A88273EC323B278955BEB8CA156178FB5ED207944C3080B2A8A10B03F0C53EBED9B
                                          Malicious:false
                                          Preview:@echo off..rem this a template used to make stop-cb-hook.bat. First write @set DLL_PATH32|64 = <path to dll> to stop-cb-hook.bat..rem then append this file...VERIFY OTHER 2>nul..SETLOCAL ENABLEEXTENSIONS..IF ERRORLEVEL 1 EXIT /B 1....start "" "%~dp0embedhook-x86.exe" --kill "%DLL_PATH32%" --site %1....if DEFINED PROCESSOR_ARCHITEW6432 call :killx64hook..if %PROCESSOR_ARCHITECTURE%==AMD64 call :killx64hook....goto :eof....:killx64hook..start "" "%~dp0embedhook-x64.exe" --kill "%DLL_PATH64%" --site %1..goto :eof....
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):53
                                          Entropy (8bit):4.51963554857626
                                          Encrypted:false
                                          SSDEEP:3:D/GjIWtAdASH5Mv:L/d/mv
                                          MD5:CDD19A0D84C85F3449989EAB0BEC0666
                                          SHA1:8E41A62581F879339B83DFC7C84DCF373E86849D
                                          SHA-256:8F77C6A9CE46A37C80E3CFABFFEDCB17F82B5B6E8135F0FD2F40B6E91F6AEF58
                                          SHA-512:85DD96D2E00CFDB5DF2EA695EFC34E3EE5E907DE92147DB6EAC3B184A470363F54AC17748907F9CB6963E8FD4346B7177C01527A8A88EE5CA780B7622BCD73A0
                                          Malicious:false
                                          Preview:cd "%~dp0.."."%~dp0bomgar-scc.exe" -uninstall silent.
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1563480973349343
                                          Encrypted:false
                                          SSDEEP:24:saMelmOKEoyAbKxhRCeOXaXF6kCslD6XnXvHX5/1lMO3XHoX5HIlttINM0+FN:bmO37AsRwXaX1/0tMKHoulvvx
                                          MD5:7604363A3DB0D8202ABFD9C16D154D4E
                                          SHA1:6BBA587D800DF3630C1A762422B743B8F8D91086
                                          SHA-256:D732DD994C232E710145E43062E5E085E3897B885ACFB5422B6C395E3295042D
                                          SHA-512:1DD47A4EAEEE8EBFF4A661FEC6943D2D3A59E9C37E90120078FAAF90AD92C4C973F8B1526FDAD20CE4D770220EF49D8EEADFD7AADAAADB1B9057602969229033
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.161308355433604
                                          Encrypted:false
                                          SSDEEP:48:uIKaO37AHIvxIbCrOxRsLOL7LYQb2aQ4IVIe:TKaO3+IKbCrOxRAaQ4s
                                          MD5:0B312FD112C34504680ABCE9FE6EAA13
                                          SHA1:3268FFD8504801A59AB5722A174498691419DDC7
                                          SHA-256:EB3FF2CACD409461C6A8DDE65D278C296745401FAFFFD6ECDCF470E595C98008
                                          SHA-512:2289EE101AF9736320D27FED8DD52F2954DF98208E8B84358BF6468988B714CF6894188945CE477EA43017B250C1B2C8B73F3363FDE560575CE4832B8CFC0519
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.161308355433604
                                          Encrypted:false
                                          SSDEEP:48:uIKaO37AHIvxQ0b1AJRKL8LpLY2Z2oK4urIe:TKaO3+Ii0b1AJR2oK4E
                                          MD5:915B8A9DE4CCEF690B17A5A66B945487
                                          SHA1:9A3D393A91F551446561F8E42E90C0E13C1EB4FC
                                          SHA-256:BD8E3F9CCF7F108DEFDF28C74D238AFA01BD22F119A782497C1FFDCDB0CD0CC8
                                          SHA-512:16DF0E7DC2577FABB2592F514E83574404951BB2A702100238F71E69FAD2E48385B6B1E33C981B028AC6E76B076B1CEF1A57D9D9D2FB030D57465E46E2CFA5C4
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1509748470400782
                                          Encrypted:false
                                          SSDEEP:48:uRXkw3/oofUGXjSjSjkjXWWPiBIg72wCbIFcbjobjiT6:Uh3SWWPiBIg72IFcbjobjb
                                          MD5:EBCFFEA1A5E062435B12BAFA37509C9D
                                          SHA1:90D95C3E42901A47CCEBF9038D629D58D6BFEAA3
                                          SHA-256:B41EF27CDCDC734B675F6A057D0130DB083B232C1456DF89F6B29DDCF2E01C45
                                          SHA-512:4DFA9ED7D9C19D06E5D60E036C85658C6CD8EA75CBE08F2BAAD8125E3D3073925CC1E071FF74E4EB1A3EECBD40F94D5DE57ABF6349182DD69E387748E0B31A56
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset 1078
                                          Category:dropped
                                          Size (bytes):61078
                                          Entropy (8bit):1.1484087593385348
                                          Encrypted:false
                                          SSDEEP:24:saO/CogtALKE/KRkKVststshsniSiSGSZHTFZbL1:uhF3/ZSSunzzfZzt
                                          MD5:0DB01E512C8B09FEA1C1BCB93DDF0650
                                          SHA1:75147C7D7256CB4EF2D928BE90A2136171A3B805
                                          SHA-256:B42445F9D216CDEEBB1463F018616AB955FEF00B3F86548D88910CF60C7B5DE8
                                          SHA-512:DC89F30EF3D04BDEA271375CFB5415C08F3CB6B9E72837A9077AF5C6CD76E14F0D219D227D92C74C0DADAEB16ABCE9F8861BF607B5E2757D77CAAEAEB5E9E693
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):153160
                                          Entropy (8bit):6.306963090136152
                                          Encrypted:false
                                          SSDEEP:3072:D5872UpzxlNjI+s4A8uTNlEMilg+bhwzQjDNnRkLjxAKX2xR:DSPphzs4AhjeFw+NnkG
                                          MD5:7C289584808ECDA09710B49BD7CE8D54
                                          SHA1:54EF4A97C429DD99BF21AF181355DFB6ACBDD851
                                          SHA-256:657322ADCB0BAB762FA1F09D9DD206DDFC1F7CC886C8E0876A870CD3A302014E
                                          SHA-512:0BE5354DDE44C217F0FD50920ECB8EFA031F5B75C6532A2F5A2347C61963AC8E2A9BD8EEA7C6B6D1BBA6FADD5B28F3E2D23FEFC2388447030201BE95BDFF6EA1
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):233
                                          Entropy (8bit):5.187296754895234
                                          Encrypted:false
                                          SSDEEP:6:hlPwkn23fRV6u1sXZWjk/8hK7zdvs/Pwkn23fRV6u1sXn:YfeZXoo0hK7z+AfeZXn
                                          MD5:433BD1E687708A5DF3A6E621DC6A3753
                                          SHA1:CE145847886B35E2D59B708FAB06E4A1F9ADF0C9
                                          SHA-256:E710C5B742E3A2E759BF8F0430085DB8A441681AB1D37B132C54ECF76C8206B6
                                          SHA-512:B5B9161BA66344AA9739CCA9269341780C4666351B08272574A96F133F9B6F36FAB57C579947A4E9293C29D1B40353D02B9B81629816015F91906BB03AA34EC0
                                          Malicious:false
                                          Preview:@echo off.."C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe" --instance-id $SPIN_INSTANCE --icofile $SPIN_ICON ..cd ....rmdir /q /s "C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE"
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Entropy (8bit):7.997343927217264
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          File size:3'803'704 bytes
                                          MD5:e6c05234f5ead39c58592299df449249
                                          SHA1:ccc93386e293eb1ab7d7d274686b6e480bf833ae
                                          SHA256:fb522c0f319128643c4393ce688ab4f2ad0cda0145cc405f8d631d1b36fb9782
                                          SHA512:5f70d7ed1dc32837d4151cb7b822d0be8ccac27d165bf708963209b1d659529d2ca8dbbc90b66493cd0d112f60fbb191a2d9ff0746882b0ebc4062be39791d5f
                                          SSDEEP:98304:kx8gvYDz5S+7E4jIH+KIwJqW5ksKXH/rT7mKbzPtMGDHsKY6FZM9p:kx8ggD9SojM343fXfa4tLIKjS
                                          TLSH:300633B4A5D49825ED3C26F907F8832E7278C6452880699FF7469D66FB10181FB0E4BF
                                          Icon Hash:137131b3b233399c
                                          Entrypoint:0x40326c
                                          Entrypoint Section:.text
                                          Digitally signed:true
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                          Time Stamp:0x56FF3A69 [Sat Apr 2 03:20:09 2016 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:b1a57b635b23ffd553b3fd1e0960b2bd
                                          Signature Valid:true
                                          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                          Signature Validation Error:The operation completed successfully
                                          Error Number:0
                                          Not Before, Not After
                                          • 06/05/2022 01:00:00 21/05/2025 00:59:59
                                          Subject Chain
                                          • CN=Bomgar Corporation, OU=Remote Support, O=Bomgar Corporation, L=Ridgeland, S=Mississippi, C=US
                                          Version:3
                                          Thumbprint MD5:B6B7A58D71125E5EAEFF9FAD1958BBC7
                                          Thumbprint SHA-1:8E8C9C5DC8F40AB96EFB9DCA9099CA43CB261D8C
                                          Thumbprint SHA-256:93949EC5250F935A87FE9A73A5D0377D306802A0F77E1CC6CDD68A1818CD45B9
                                          Serial:035D6332D3DD3ABC563615D16E0A7440
                                          Instruction
                                          sub esp, 00000184h
                                          push ebx
                                          push ebp
                                          push esi
                                          push edi
                                          xor ebx, ebx
                                          push 00008001h
                                          mov dword ptr [esp+20h], ebx
                                          mov dword ptr [esp+14h], 00409130h
                                          mov dword ptr [esp+1Ch], ebx
                                          mov byte ptr [esp+18h], 00000020h
                                          call dword ptr [004070B4h]
                                          call dword ptr [004070B0h]
                                          cmp ax, 00000006h
                                          je 00007F13E4D0C723h
                                          push ebx
                                          call 00007F13E4D0F51Ch
                                          cmp eax, ebx
                                          je 00007F13E4D0C719h
                                          push 00000C00h
                                          call eax
                                          mov esi, 00407280h
                                          push esi
                                          call 00007F13E4D0F498h
                                          push esi
                                          call dword ptr [004070ACh]
                                          lea esi, dword ptr [esi+eax+01h]
                                          cmp byte ptr [esi], bl
                                          jne 00007F13E4D0C6FDh
                                          push 0000000Dh
                                          call 00007F13E4D0F4F0h
                                          push 0000000Bh
                                          call 00007F13E4D0F4E9h
                                          mov dword ptr [00423F64h], eax
                                          call dword ptr [00407038h]
                                          push ebx
                                          call dword ptr [0040726Ch]
                                          mov dword ptr [00424018h], eax
                                          push ebx
                                          lea eax, dword ptr [esp+38h]
                                          push 00000160h
                                          push eax
                                          push ebx
                                          push 0041F518h
                                          call dword ptr [0040715Ch]
                                          push 004091C0h
                                          push 00423760h
                                          call 00007F13E4D0F11Ch
                                          call dword ptr [00407108h]
                                          mov ebp, 0042A000h
                                          push eax
                                          push ebp
                                          call 00007F13E4D0F10Ah
                                          push ebx
                                          call dword ptr [00407144h]
                                          Programming Language:
                                          • [EXP] VC++ 6.0 SP5 build 8804
                                          Name | Virtual Address | Virtual Size | Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7418 | 0xa0 | .rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30000 | 0x4150 | .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x39bc00 | 0x4e38 |
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x27c | .rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                          .text | 0x1000 | 0x5c74 | 0x5e00 | 51e2544a6971f687f7a1241f613014c1 | False | 0.6614029255319149 | data | 6.410392274858999 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rdata | 0x7000 | 0x1196 | 0x1200 | 4c84e530bf8db37146334e6c487170bf | False | 0.4587673611111111 | data | 5.203736203417129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data | 0x9000 | 0x1b058 | 0x600 | 75d996f724e5e900c022f56b3df3ae1b | False | 0.4401041666666667 | data | 4.130528180629363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .ndata | 0x25000 | 0xb000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rsrc | 0x30000 | 0x4150 | 0x4200 | 1e99d3db0c627f39f05ee1952cc71b96 | False | 0.23828125 | data | 3.5693320727209707 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                          RT_ICON | 0x30208 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.1812240663900415
                                          RT_ICON | 0x327b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.2767354596622889
                                          RT_DIALOG | 0x33858 | 0x100 | data | English | United States | 0.5234375
                                          RT_DIALOG | 0x33958 | 0x11c | data | English | United States | 0.6056338028169014
                                          RT_DIALOG | 0x33a78 | 0x60 | data | English | United States | 0.7291666666666666
                                          RT_GROUP_ICON | 0x33ad8 | 0x22 | data | English | United States | 0.9411764705882353
                                          RT_VERSION | 0x33b00 | 0x378 | data | | | 0.4594594594594595
                                          RT_MANIFEST | 0x33e78 | 0x2d7 | XML 1.0 document, ASCII text, with very long lines (727), with no line terminators | English | United States | 0.5653370013755158
                                          DLL | Import
                                          KERNEL32.dll | GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, Sleep, lstrcmpiA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, GetCommandLineA, GetTempPathA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                          USER32.dll | SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                          GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                          SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                          ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                          COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                          ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                          Language of compilation system | Country where language is spoken | Map
                                          English | United States |
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Apr 24, 2024 10:54:41.909126997 CEST49741443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:41.909233093 CEST4434974154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:41.909382105 CEST49741443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:41.909398079 CEST4434974154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:41.909631968 CEST4434974154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:41.955235958 CEST49741443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:41.955293894 CEST4434974154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:42.002079010 CEST49741443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:42.491719961 CEST4434974154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:42.491904020 CEST4434974154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:42.491987944 CEST49741443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:42.496459961 CEST49741443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:42.496460915 CEST49741443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:42.496541023 CEST4434974154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:46.898741007 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:46.898825884 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:46.898947001 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:46.909895897 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:46.909931898 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:47.560117960 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:47.560220957 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:47.573442936 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:47.573492050 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:47.573560953 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:47.573573112 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:47.573632956 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:47.573645115 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:47.573771954 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:47.627062082 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:47.627084970 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:47.673975945 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:48.170563936 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:48.170737982 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:48.170833111 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:48.172169924 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:48.172169924 CEST49742443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:48.172214985 CEST4434974254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:51.541512012 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:51.541564941 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:51.541680098 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:51.543328047 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:51.543343067 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.169428110 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.169631958 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.182321072 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.182343006 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.182419062 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.182424068 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.182476997 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.182482004 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.182522058 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.182526112 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.182621002 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.236458063 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.236470938 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.283328056 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.784171104 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.784334898 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.784399033 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.816981077 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:52.817007065 CEST4434974354.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:52.817024946 CEST49743443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.093378067 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.093420029 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.093489885 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.098056078 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.098071098 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.742475986 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.742610931 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.755228043 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.755245924 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.755307913 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.755342960 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.755400896 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.755409002 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.755445004 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.755448103 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.755481005 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.755485058 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.755580902 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.799107075 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:56.799117088 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:56.845812082 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:57.357215881 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:57.357372999 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:54:57.357518911 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:57.364980936 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:57.364980936 CEST49744443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:54:57.365037918 CEST4434974454.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:01.759526014 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:01.759625912 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:01.759732008 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:01.762077093 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:01.762115002 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:02.399290085 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:02.399535894 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:02.418287992 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:02.418361902 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:02.418442011 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:02.418457031 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:02.418517113 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:02.418521881 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:02.418576002 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:02.418603897 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:02.418664932 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:02.460192919 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:03.024801016 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:03.025026083 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:03.025098085 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:03.028908968 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:03.028949022 CEST4434974554.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:03.029001951 CEST49745443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:06.485440969 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:06.485543013 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:06.485665083 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:06.490497112 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:06.490534067 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.118412971 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.118774891 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.143955946 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.143973112 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.144037008 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.144073009 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.144138098 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.144144058 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.144324064 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.189627886 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.189646959 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.236465931 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.745526075 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.745688915 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:07.745841026 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.746964931 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.746964931 CEST49746443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:07.747013092 CEST4434974654.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.141086102 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.141113997 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.141213894 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.143589020 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.143603086 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.766907930 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.767155886 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.796061993 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.796082973 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.796205044 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.796209097 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.796264887 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.796288013 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.796399117 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:11.796422958 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:11.845901012 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:12.371242046 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:12.371442080 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:12.371516943 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:12.373032093 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:12.373047113 CEST4434974754.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:12.373075008 CEST49747443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:16.725230932 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:16.725322962 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:16.725474119 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:16.738784075 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:16.738811970 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.365092993 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.365231037 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.387368917 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.387425900 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.387499094 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.387511969 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.387567043 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.387581110 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.387634039 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.387644053 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.387692928 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.439702988 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.439729929 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.486557007 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.980745077 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.980931997 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.981144905 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.991027117 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:17.991080046 CEST4434974854.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:17.991111994 CEST49748443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.308854103 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.308897018 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:21.308973074 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.311336994 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.311352968 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:21.969053030 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:21.969276905 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.986104012 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.986135960 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:21.986242056 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.986251116 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:21.986342907 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:21.986349106 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:21.986434937 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:22.033395052 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:22.033421993 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:22.080285072 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:22.571930885 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:22.572148085 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:22.572231054 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:22.573317051 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:22.573343992 CEST4434975054.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:22.573354959 CEST49750443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.168803930 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.168869972 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.168973923 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.176383972 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.176424980 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.825551033 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.825758934 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.847042084 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.847105980 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.847210884 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.847223043 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.847276926 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.847285032 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.847417116 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.892745018 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:31.892781019 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:31.939635038 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:32.455943108 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:32.456166029 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:32.456238985 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:32.459533930 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:32.459561110 CEST4434975154.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:32.459589005 CEST49751443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:36.945916891 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:36.945990086 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:36.946166039 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:36.949672937 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:36.949708939 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.588745117 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.588941097 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:37.612590075 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:37.612627983 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.612689972 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:37.612726927 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.612796068 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:37.612812042 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.612878084 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:37.612888098 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.612956047 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.658485889 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:37.658504009 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:37.705401897 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:38.197288036 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:38.197463989 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:38.197531939 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:38.201458931 CEST49752443192.168.2.454.38.11.197
                                          Apr 24, 2024 10:55:38.201488972 CEST4434975254.38.11.197192.168.2.4
                                          Apr 24, 2024 10:55:38.201544046 CEST49752443192.168.2.454.38.11.197
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 24, 2024 10:54:24.119891882 CEST | 58824 | 53 | 192.168.2.4 | 1.1.1.1
Apr 24, 2024 10:54:24.329626083 CEST | 53 | 58824 | 1.1.1.1 | 192.168.2.4
Apr 24, 2024 10:54:28.338395119 CEST | 54203 | 53 | 192.168.2.4 | 1.1.1.1
Apr 24, 2024 10:54:28.506633043 CEST | 53 | 54203 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 24, 2024 10:54:24.119891882 CEST | 192.168.2.4 | 1.1.1.1 | 0xf388 | Standard query (0) | bomgar.iws-saas.fr | A (IP address) | IN (0x0001) | false
Apr 24, 2024 10:54:28.338395119 CEST | 192.168.2.4 | 1.1.1.1 | 0x8fac | Standard query (0) | license.bomgar.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 24, 2024 10:54:24.329626083 CEST | 1.1.1.1 | 192.168.2.4 | 0xf388 | No error (0) | bomgar.iws-saas.fr |  | 54.38.11.197 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 10:54:28.506633043 CEST | 1.1.1.1 | 192.168.2.4 | 0x8fac | No error (0) | license.bomgar.com | license.bt3ng.com |  | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 10:54:28.506633043 CEST | 1.1.1.1 | 192.168.2.4 | 0x8fac | No error (0) | license.bt3ng.com |  | 3.233.108.128 | A (IP address) | IN (0x0001) | false

                                          • license.bomgar.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 54.38.11.197 | 443 | 736 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:25 UTC | 19 | OUT | HEAD /np HTTP/1.0
2024-04-24 08:54:25 UTC | 19 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a
Data Ascii: Connection: close
2024-04-24 08:54:25 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:54:25 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:54:25 UTC | 18 | OUT | Data Raw: 58 2d 52 65 71 75 65 73 74 2d 49 64 3a 20 34 31 0d 0a
Data Ascii: X-Request-Id: 41
2024-04-24 08:54:25 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:54:25 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:54:25 UTC | 162 | IN | HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 08:54:25 GMT
X-Request-Id: 41
Etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 3.233.108.128 | 443 | 2716 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:29 UTC | 207 | OUT | GET /?c=isilog_fr&v=22.2.3&a=x86_64&g=54.38.11.197&i=scc&O=337118209&o=10.0.19045&r=ed09842299ecfc168285eed9c75148f559a689b3&s=1219600&t=Windows%2010%20Pro%20%2822H2%29 HTTP/1.0
Host: license.bomgar.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49733 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:29 UTC | 74 | OUT | GET /get_rdf?comp=sdcust&gskey=494b4ebfd2db029983e1517ec6f68ec0 HTTP/1.0
2024-04-24 08:54:29 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:54:29 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:54:29 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:54:30 UTC | 658 | IN | HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 08:54:30 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Vary: X-Requested-With
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Permissions-Policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=()
Content-Security-Policy: default-src 'self';
Referrer-Policy: strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: none
Connection: close
Content-Type: text/html; charset=utf-8
2024-04-24 08:54:30 UTC | 47 | IN | Data Raw: 31 20 4e 6f 20 6c 6f 63 61 6c 65 5f 63 6f 64 65 20 70 72 65 76 69 6f 75 73 6c 79 20 73 65 74 20 69 6e 20 74 68 65 20 73 65 73 73 69 6f 6e 0a
Data Ascii: 1 No locale_code previously set in the session


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49734 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:32 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:54:32 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:54:32 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:54:32 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:54:32 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:54:32 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:54:32 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:54:33 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:54:32 GMT
Content-Length: 93
Connection: close
2024-04-24 08:54:33 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49741 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:41 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:54:41 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:54:41 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:54:41 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:54:41 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:54:41 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:54:41 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:54:42 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:54:42 GMT
Content-Length: 93
Connection: close
2024-04-24 08:54:42 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49742 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:47 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:54:47 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:54:47 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:54:47 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:54:47 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:54:47 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:54:47 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:54:48 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:54:48 GMT
Content-Length: 93
Connection: close
2024-04-24 08:54:48 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49743 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:52 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:54:52 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:54:52 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:54:52 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:54:52 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:54:52 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:54:52 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:54:52 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:54:52 GMT
Content-Length: 93
Connection: close
2024-04-24 08:54:52 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49744 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:54:56 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:54:56 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:54:56 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:54:56 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:54:56 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:54:56 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:54:56 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:54:57 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:54:57 GMT
Content-Length: 93
Connection: close
2024-04-24 08:54:57 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49745 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:02 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:02 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:02 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:02 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:02 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:02 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:02 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:03 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:02 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:03 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49746 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:07 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:07 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:07 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:07 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:07 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:07 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:07 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:07 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:07 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:07 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49747 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:11 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:11 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:11 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:11 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:11 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:11 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:11 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:12 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:12 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:12 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49748 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:17 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:17 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:17 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:17 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:17 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:17 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:17 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:17 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:17 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:17 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49750 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:21 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:21 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:21 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:21 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:21 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:21 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:21 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:22 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:22 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:22 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49751 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:31 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:31 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:31 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:31 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:31 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:31 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:31 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:32 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:32 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:32 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49752 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:37 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:37 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:37 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:37 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:37 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:37 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:37 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:38 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:38 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:38 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49753 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:42 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:42 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:42 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:42 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:42 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:42 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:42 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:42 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:42 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:42 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49754 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 08:55:46 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
2024-04-24 08:55:46 UTC | 21 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 75 70 67 72 61 64 65 0d 0a
Data Ascii: Connection: upgrade
2024-04-24 08:55:46 UTC | 26 | OUT | Data Raw: 48 6f 73 74 3a 20 62 6f 6d 67 61 72 2e 69 77 73 2d 73 61 61 73 2e 66 72 0d 0a
Data Ascii: Host: bomgar.iws-saas.fr
2024-04-24 08:55:46 UTC | 40 | OUT | Data Raw: 55 70 67 72 61 64 65 3a 20 69 6e 67 72 65 64 69 20 73 75 70 70 6f 72 74 20 64 65 73 6b 20 63 75 73 74 6f 6d 65 72 0d 0a
Data Ascii: Upgrade: ingredi support desk customer
2024-04-24 08:55:46 UTC | 25 | OUT | Data Raw: 58 2d 4e 73 2d 43 6f 6d 70 61 6e 79 3a 20 69 73 69 6c 6f 67 5f 66 72 0d 0a
Data Ascii: X-Ns-Company: isilog_fr
2024-04-24 08:55:46 UTC | 19 | OUT | Data Raw: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 0d 0a
Data Ascii: Accept-Encoding:
2024-04-24 08:55:46 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-24 08:55:47 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 08:55:47 GMT
Content-Length: 93
Connection: close
2024-04-24 08:55:47 UTC | 93 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 62 6f 64 79 3e 35 30 30 3a 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          17 | 192.168.2.4 | 49755 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-24 08:55:52 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
                                          2024-04-24 08:55:52 UTC | 21 | OUT | Connection: upgrade
                                          2024-04-24 08:55:52 UTC | 26 | OUT | Host: bomgar.iws-saas.fr
                                          2024-04-24 08:55:52 UTC | 40 | OUT | Upgrade: ingredi support desk customer
                                          2024-04-24 08:55:52 UTC | 25 | OUT | X-Ns-Company: isilog_fr
                                          2024-04-24 08:55:52 UTC | 19 | OUT | Accept-Encoding:
                                          2024-04-24 08:55:52 UTC | 2 | OUT | Data Raw: 0d 0a
                                          2024-04-24 08:55:53 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
                                          Date: Wed, 24 Apr 2024 08:55:52 GMT
                                          Content-Length: 93
                                          Connection: close
                                          2024-04-24 08:55:53 UTC | 93 | IN | <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          18 | 192.168.2.4 | 49756 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-24 08:55:57 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
                                          2024-04-24 08:55:57 UTC | 21 | OUT | Connection: upgrade
                                          2024-04-24 08:55:57 UTC | 26 | OUT | Host: bomgar.iws-saas.fr
                                          2024-04-24 08:55:57 UTC | 40 | OUT | Upgrade: ingredi support desk customer
                                          2024-04-24 08:55:57 UTC | 25 | OUT | X-Ns-Company: isilog_fr
                                          2024-04-24 08:55:57 UTC | 19 | OUT | Accept-Encoding:
                                          2024-04-24 08:55:57 UTC | 2 | OUT | Data Raw: 0d 0a
                                          2024-04-24 08:55:57 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
                                          Date: Wed, 24 Apr 2024 08:55:57 GMT
                                          Content-Length: 93
                                          Connection: close
                                          2024-04-24 08:55:57 UTC | 93 | IN | <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          19 | 192.168.2.4 | 49757 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-24 08:56:01 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
                                          2024-04-24 08:56:01 UTC | 21 | OUT | Connection: upgrade
                                          2024-04-24 08:56:01 UTC | 26 | OUT | Host: bomgar.iws-saas.fr
                                          2024-04-24 08:56:01 UTC | 40 | OUT | Upgrade: ingredi support desk customer
                                          2024-04-24 08:56:01 UTC | 25 | OUT | X-Ns-Company: isilog_fr
                                          2024-04-24 08:56:01 UTC | 19 | OUT | Accept-Encoding:
                                          2024-04-24 08:56:01 UTC | 2 | OUT | Data Raw: 0d 0a
                                          2024-04-24 08:56:02 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
                                          Date: Wed, 24 Apr 2024 08:56:02 GMT
                                          Content-Length: 93
                                          Connection: close
                                          2024-04-24 08:56:02 UTC | 93 | IN | <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          20 | 192.168.2.4 | 49758 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-24 08:56:07 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
                                          2024-04-24 08:56:07 UTC | 21 | OUT | Connection: upgrade
                                          2024-04-24 08:56:07 UTC | 26 | OUT | Host: bomgar.iws-saas.fr
                                          2024-04-24 08:56:07 UTC | 40 | OUT | Upgrade: ingredi support desk customer
                                          2024-04-24 08:56:07 UTC | 25 | OUT | X-Ns-Company: isilog_fr
                                          2024-04-24 08:56:07 UTC | 19 | OUT | Accept-Encoding:
                                          2024-04-24 08:56:07 UTC | 2 | OUT | Data Raw: 0d 0a
                                          2024-04-24 08:56:08 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
                                          Date: Wed, 24 Apr 2024 08:56:07 GMT
                                          Content-Length: 93
                                          Connection: close
                                          2024-04-24 08:56:08 UTC | 93 | IN | <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          21 | 192.168.2.4 | 49759 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-24 08:56:12 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
                                          2024-04-24 08:56:12 UTC | 21 | OUT | Connection: upgrade
                                          2024-04-24 08:56:12 UTC | 26 | OUT | Host: bomgar.iws-saas.fr
                                          2024-04-24 08:56:12 UTC | 40 | OUT | Upgrade: ingredi support desk customer
                                          2024-04-24 08:56:12 UTC | 25 | OUT | X-Ns-Company: isilog_fr
                                          2024-04-24 08:56:12 UTC | 19 | OUT | Accept-Encoding:
                                          2024-04-24 08:56:12 UTC | 2 | OUT | Data Raw: 0d 0a
                                          2024-04-24 08:56:12 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
                                          Date: Wed, 24 Apr 2024 08:56:12 GMT
                                          Content-Length: 93
                                          Connection: close
                                          2024-04-24 08:56:12 UTC | 93 | IN | <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          22 | 192.168.2.4 | 49760 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-24 08:56:16 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
                                          2024-04-24 08:56:16 UTC | 21 | OUT | Connection: upgrade
                                          2024-04-24 08:56:16 UTC | 26 | OUT | Host: bomgar.iws-saas.fr
                                          2024-04-24 08:56:16 UTC | 40 | OUT | Upgrade: ingredi support desk customer
                                          2024-04-24 08:56:16 UTC | 25 | OUT | X-Ns-Company: isilog_fr
                                          2024-04-24 08:56:16 UTC | 19 | OUT | Accept-Encoding:
                                          2024-04-24 08:56:16 UTC | 2 | OUT | Data Raw: 0d 0a
                                          2024-04-24 08:56:17 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
                                          Date: Wed, 24 Apr 2024 08:56:17 GMT
                                          Content-Length: 93
                                          Connection: close
                                          2024-04-24 08:56:17 UTC | 93 | IN | <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          23 | 192.168.2.4 | 49761 | 54.38.11.197 | 443 | 7064 | C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe

                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-24 08:56:22 UTC | 22 | OUT | CONNECT /ns HTTP/1.1
                                          2024-04-24 08:56:22 UTC | 21 | OUT | Connection: upgrade
                                          2024-04-24 08:56:22 UTC | 26 | OUT | Host: bomgar.iws-saas.fr
                                          2024-04-24 08:56:22 UTC | 40 | OUT | Upgrade: ingredi support desk customer
                                          2024-04-24 08:56:22 UTC | 25 | OUT | X-Ns-Company: isilog_fr
                                          2024-04-24 08:56:22 UTC | 19 | OUT | Accept-Encoding:
                                          2024-04-24 08:56:22 UTC | 2 | OUT | Data Raw: 0d 0a
                                          2024-04-24 08:56:23 UTC | 114 | IN | HTTP/1.1 500 Internal Server Error
                                          Date: Wed, 24 Apr 2024 08:56:22 GMT
                                          Content-Length: 93
                                          Connection: close
                                          2024-04-24 08:56:23 UTC | 93 | IN | <html><title>500: Internal Server Error</title><body>500: Internal Server Error</body></html>


                                          Target ID:0
                                          Start time:10:54:18
                                          Start date:24/04/2024
                                          Path:C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"
                                          Imagebase:0x400000
                                          File size:3'803'704 bytes
                                          MD5 hash:E6C05234F5EAD39C58592299DF449249
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:1
                                          Start time:10:54:19
                                          Start date:24/04/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\start.cmd" "
                                          Imagebase:0x240000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:2
                                          Start time:10:54:19
                                          Start date:24/04/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:3
                                          Start time:10:54:19
                                          Start date:24/04/2024
                                          Path:C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe" --instance-id $SPIN_INSTANCE --icofile $SPIN_ICON
                                          Imagebase:0x7ff64b5c0000
                                          File size:153'160 bytes
                                          MD5 hash:7C289584808ECDA09710B49BD7CE8D54
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:4
                                          Start time:10:54:20
                                          Start date:24/04/2024
                                          Path:C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer-pwd "C:\Users\user\Desktop"
                                          Imagebase:0x7ff718c40000
                                          File size:10'737'720 bytes
                                          MD5 hash:B248920D9FCF8A0CFE21004D62645F65
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 0%, Virustotal, Browse
                                          Reputation:low
                                          Has exited:true

                                          Target ID:5
                                          Start time:10:54:21
                                          Start date:24/04/2024
                                          Path:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe -install2 C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\ C:\ProgramData\bomgar-scc-0x6628c8bd\ --installer-pwd C:\Users\user\Desktop
                                          Imagebase:0x7ff64ea30000
                                          File size:10'737'720 bytes
                                          MD5 hash:B248920D9FCF8A0CFE21004D62645F65
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 0%, Virustotal, Browse
                                          Reputation:low
                                          Has exited:true

                                          Target ID:6
                                          Start time:10:54:23
                                          Start date:24/04/2024
                                          Path:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -proxydetect
                                          Imagebase:0x7ff64ea30000
                                          File size:10'737'720 bytes
                                          MD5 hash:B248920D9FCF8A0CFE21004D62645F65
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:7
                                          Start time:10:54:26
                                          Start date:24/04/2024
                                          Path:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -elevate silent
                                          Imagebase:0x7ff64ea30000
                                          File size:10'737'720 bytes
                                          MD5 hash:B248920D9FCF8A0CFE21004D62645F65
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:8
                                          Start time:10:54:27
                                          Start date:24/04/2024
                                          Path:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -service:run
                                          Imagebase:0x7ff64ea30000
                                          File size:10'737'720 bytes
                                          MD5 hash:B248920D9FCF8A0CFE21004D62645F65
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:9
                                          Start time:10:54:28
                                          Start date:24/04/2024
                                          Path:C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -drone
                                          Imagebase:0x7ff64ea30000
                                          File size:10'737'720 bytes
                                          MD5 hash:B248920D9FCF8A0CFE21004D62645F65
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                            Execution Graph

                                            Execution Coverage:17.9%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:22.1%
                                            Total number of Nodes:1260
                                            Total number of Limit Nodes:35
3738->3737 3491 401751 3492 402a29 18 API calls 3491->3492 3493 401758 3492->3493 3494 401776 3493->3494 3495 40177e 3493->3495 3530 405d21 lstrcpynA 3494->3530 3531 405d21 lstrcpynA 3495->3531 3498 40177c 3502 405f83 5 API calls 3498->3502 3499 401789 3500 405814 3 API calls 3499->3500 3501 40178f lstrcatA 3500->3501 3501->3498 3518 40179b 3502->3518 3503 40601c 2 API calls 3503->3518 3504 4059d9 2 API calls 3504->3518 3506 4017b2 CompareFileTime 3506->3518 3507 401876 3508 40500d 25 API calls 3507->3508 3510 401880 3508->3510 3509 40184d 3511 40500d 25 API calls 3509->3511 3520 401862 3509->3520 3513 402f4b 48 API calls 3510->3513 3511->3520 3512 405d21 lstrcpynA 3512->3518 3514 401893 3513->3514 3515 4018a7 SetFileTime 3514->3515 3517 4018b9 FindCloseChangeNotification 3514->3517 3515->3517 3516 405d43 18 API calls 3516->3518 3519 4018ca 3517->3519 3517->3520 3518->3503 3518->3504 3518->3506 3518->3507 3518->3509 3518->3512 3518->3516 3525 4055e2 MessageBoxIndirectA 3518->3525 3529 4059f8 GetFileAttributesA CreateFileA 3518->3529 3521 4018e2 3519->3521 3522 4018cf 3519->3522 3524 405d43 18 API calls 3521->3524 3523 405d43 18 API calls 3522->3523 3526 4018d7 lstrcatA 3523->3526 3527 4018ea 3524->3527 3525->3518 3526->3527 3528 4055e2 MessageBoxIndirectA 3527->3528 3528->3520 3529->3518 3530->3498 3531->3499 3739 401651 3740 402a29 18 API calls 3739->3740 3741 401657 3740->3741 3742 40601c 2 API calls 3741->3742 3743 40165d 3742->3743 3744 401951 3745 402a0c 18 API calls 3744->3745 3746 401958 3745->3746 3747 402a0c 18 API calls 3746->3747 3748 401962 3747->3748 3749 402a29 18 API calls 3748->3749 3750 40196b 3749->3750 3751 40197e lstrlenA 3750->3751 3752 4019b9 3750->3752 3753 401988 3751->3753 3753->3752 3757 405d21 lstrcpynA 3753->3757 3755 4019a2 3755->3752 3756 4019af lstrlenA 3755->3756 3756->3752 3757->3755 3758 4019d2 3759 402a29 18 API calls 3758->3759 3760 4019d9 3759->3760 3761 402a29 18 API calls 3760->3761 3762 4019e2 3761->3762 3763 4019e9 lstrcmpiA 
3762->3763 3764 4019fb lstrcmpA 3762->3764 3765 4019ef 3763->3765 3764->3765 3766 402053 3767 402a29 18 API calls 3766->3767 3768 40205a 3767->3768 3769 402a29 18 API calls 3768->3769 3770 402064 3769->3770 3771 402a29 18 API calls 3770->3771 3772 40206d 3771->3772 3773 402a29 18 API calls 3772->3773 3774 402077 3773->3774 3775 402a29 18 API calls 3774->3775 3777 402081 3775->3777 3776 402095 CoCreateInstance 3781 4020b4 3776->3781 3782 40216a 3776->3782 3777->3776 3778 402a29 18 API calls 3777->3778 3778->3776 3779 401423 25 API calls 3780 40219c 3779->3780 3781->3782 3783 402149 MultiByteToWideChar 3781->3783 3782->3779 3782->3780 3783->3782 3784 4043d4 3785 4043e4 3784->3785 3786 40440a 3784->3786 3788 403fdd 19 API calls 3785->3788 3787 404044 8 API calls 3786->3787 3789 404416 3787->3789 3790 4043f1 SetDlgItemTextA 3788->3790 3790->3786 3564 402256 3565 40225e 3564->3565 3568 402264 3564->3568 3566 402a29 18 API calls 3565->3566 3566->3568 3567 402274 3570 402282 3567->3570 3572 402a29 18 API calls 3567->3572 3568->3567 3569 402a29 18 API calls 3568->3569 3569->3567 3571 402a29 18 API calls 3570->3571 3573 40228b WritePrivateProfileStringA 3571->3573 3572->3570 3791 4014d6 3792 402a0c 18 API calls 3791->3792 3793 4014dc Sleep 3792->3793 3795 4028be 3793->3795 3796 40245a 3797 402b33 19 API calls 3796->3797 3798 402464 3797->3798 3799 402a0c 18 API calls 3798->3799 3800 40246d 3799->3800 3801 402490 RegEnumValueA 3800->3801 3802 402484 RegEnumKeyA 3800->3802 3804 40268f 3800->3804 3803 4024a9 RegCloseKey 3801->3803 3801->3804 3802->3803 3803->3804 3806 4022da 3807 40230a 3806->3807 3808 4022df 3806->3808 3809 402a29 18 API calls 3807->3809 3810 402b33 19 API calls 3808->3810 3811 402311 3809->3811 3812 4022e6 3810->3812 3817 402a69 RegOpenKeyExA 3811->3817 3813 402a29 18 API calls 3812->3813 3816 402327 3812->3816 3814 4022f7 RegDeleteValueA RegCloseKey 3813->3814 3814->3816 3821 402a94 3817->3821 3826 402ae0 3817->3826 3818 402aba RegEnumKeyA 3819 402acc 
RegCloseKey 3818->3819 3818->3821 3822 4060b1 5 API calls 3819->3822 3820 402af1 RegCloseKey 3820->3826 3821->3818 3821->3819 3821->3820 3823 402a69 5 API calls 3821->3823 3824 402adc 3822->3824 3823->3821 3825 402b0c RegDeleteKeyA 3824->3825 3824->3826 3825->3826 3826->3816 3827 40155b 3828 40155f 3827->3828 3831 40159e 3827->3831 3829 401577 ShowWindow 3828->3829 3830 40157e 3828->3830 3829->3830 3830->3831 3832 40158c ShowWindow 3830->3832 3832->3831 3833 40495c GetDlgItem GetDlgItem 3834 4049b0 7 API calls 3833->3834 3841 404bcd 3833->3841 3835 404a56 DeleteObject 3834->3835 3836 404a49 SendMessageA 3834->3836 3837 404a61 3835->3837 3836->3835 3839 404a98 3837->3839 3840 405d43 18 API calls 3837->3840 3838 404cb7 3843 404d66 3838->3843 3852 404d10 SendMessageA 3838->3852 3875 404bc0 3838->3875 3842 403fdd 19 API calls 3839->3842 3844 404a7a SendMessageA SendMessageA 3840->3844 3841->3838 3876 404c41 3841->3876 3886 4048dc SendMessageA 3841->3886 3847 404aac 3842->3847 3845 404d7b 3843->3845 3846 404d6f SendMessageA 3843->3846 3844->3837 3854 404d94 3845->3854 3855 404d8d ImageList_Destroy 3845->3855 3861 404da4 3845->3861 3846->3845 3851 403fdd 19 API calls 3847->3851 3848 404044 8 API calls 3853 404f56 3848->3853 3849 404ca9 SendMessageA 3849->3838 3866 404aba 3851->3866 3857 404d25 SendMessageA 3852->3857 3852->3875 3859 404d9d GlobalFree 3854->3859 3854->3861 3855->3854 3856 404f0a 3862 404f1c ShowWindow GetDlgItem ShowWindow 3856->3862 3856->3875 3858 404d38 3857->3858 3869 404d49 SendMessageA 3858->3869 3859->3861 3860 404b8e GetWindowLongA SetWindowLongA 3863 404ba7 3860->3863 3861->3856 3868 40140b 2 API calls 3861->3868 3878 404dd6 3861->3878 3862->3875 3864 404bc5 3863->3864 3865 404bad ShowWindow 3863->3865 3885 404012 SendMessageA 3864->3885 3884 404012 SendMessageA 3865->3884 3866->3860 3867 404b09 SendMessageA 3866->3867 3870 404b88 3866->3870 3873 404b45 SendMessageA 3866->3873 3874 404b56 SendMessageA 3866->3874 3867->3866 3868->3878 3869->3843 
3870->3860 3870->3863 3873->3866 3874->3866 3875->3848 3876->3838 3876->3849 3877 404ee0 InvalidateRect 3877->3856 3879 404ef6 3877->3879 3880 404e04 SendMessageA 3878->3880 3881 404e1a 3878->3881 3891 404897 3879->3891 3880->3881 3881->3877 3883 404e8e SendMessageA SendMessageA 3881->3883 3883->3881 3884->3875 3885->3841 3887 40493b SendMessageA 3886->3887 3888 4048ff GetMessagePos ScreenToClient SendMessageA 3886->3888 3889 404933 3887->3889 3888->3889 3890 404938 3888->3890 3889->3876 3890->3887 3894 4047d2 3891->3894 3893 4048ac 3893->3856 3895 4047e8 3894->3895 3896 405d43 18 API calls 3895->3896 3897 40484c 3896->3897 3898 405d43 18 API calls 3897->3898 3899 404857 3898->3899 3900 405d43 18 API calls 3899->3900 3901 40486d lstrlenA wsprintfA SetDlgItemTextA 3900->3901 3901->3893 3902 404f5d 3903 404f82 3902->3903 3904 404f6b 3902->3904 3907 404f90 IsWindowVisible 3903->3907 3913 404fa7 3903->3913 3905 404f71 3904->3905 3906 404feb 3904->3906 3908 404029 SendMessageA 3905->3908 3909 404ff1 CallWindowProcA 3906->3909 3907->3906 3910 404f9d 3907->3910 3911 404f7b 3908->3911 3909->3911 3912 4048dc 5 API calls 3910->3912 3912->3913 3913->3909 3921 405d21 lstrcpynA 3913->3921 3915 404fd6 3922 405c7f wsprintfA 3915->3922 3917 404fdd 3918 40140b 2 API calls 3917->3918 3919 404fe4 3918->3919 3923 405d21 lstrcpynA 3919->3923 3921->3915 3922->3917 3923->3906 3924 40635d 3926 4061e1 3924->3926 3925 406b4c 3926->3925 3927 406262 GlobalFree 3926->3927 3928 40626b GlobalAlloc 3926->3928 3929 4062e2 GlobalAlloc 3926->3929 3930 4062d9 GlobalFree 3926->3930 3927->3928 3928->3925 3928->3926 3929->3925 3929->3926 3930->3929 3591 401dde 3592 402a29 18 API calls 3591->3592 3593 401de4 3592->3593 3594 402a29 18 API calls 3593->3594 3595 401ded 3594->3595 3596 402a29 18 API calls 3595->3596 3597 401df6 3596->3597 3598 402a29 18 API calls 3597->3598 3599 401dff 3598->3599 3600 401423 25 API calls 3599->3600 3601 401e06 ShellExecuteA 3600->3601 3602 401e33 3601->3602 3931 401cde 
GetDlgItem GetClientRect 3932 402a29 18 API calls 3931->3932 3933 401d0e LoadImageA SendMessageA 3932->3933 3934 401d2c DeleteObject 3933->3934 3935 4028be 3933->3935 3934->3935 2929 4023e2 2940 402b33 2929->2940 2931 4023ec 2944 402a29 2931->2944 2934 4023ff RegQueryValueExA 2935 40241f 2934->2935 2936 402425 RegCloseKey 2934->2936 2935->2936 2950 405c7f wsprintfA 2935->2950 2938 40268f 2936->2938 2941 402a29 18 API calls 2940->2941 2942 402b4c 2941->2942 2943 402b5a RegOpenKeyExA 2942->2943 2943->2931 2945 402a35 2944->2945 2951 405d43 2945->2951 2948 4023f5 2948->2934 2948->2938 2950->2936 2962 405d50 2951->2962 2952 405f6a 2953 402a56 2952->2953 2986 405d21 lstrcpynA 2952->2986 2953->2948 2970 405f83 2953->2970 2955 405de8 GetVersion 2968 405df5 2955->2968 2956 405f41 lstrlenA 2956->2962 2957 405d43 10 API calls 2957->2956 2961 405e60 GetSystemDirectoryA 2961->2968 2962->2952 2962->2955 2962->2956 2962->2957 2964 405f83 5 API calls 2962->2964 2984 405c7f wsprintfA 2962->2984 2985 405d21 lstrcpynA 2962->2985 2963 405e73 GetWindowsDirectoryA 2963->2968 2964->2962 2965 405d43 10 API calls 2965->2968 2966 405eea lstrcatA 2966->2962 2967 405ea7 SHGetSpecialFolderLocation 2967->2968 2969 405ebf SHGetPathFromIDListA CoTaskMemFree 2967->2969 2968->2961 2968->2962 2968->2963 2968->2965 2968->2966 2968->2967 2979 405c08 RegOpenKeyExA 2968->2979 2969->2968 2977 405f8f 2970->2977 2971 405ff7 2972 405ffb CharPrevA 2971->2972 2974 406016 2971->2974 2972->2971 2973 405fec CharNextA 2973->2971 2973->2977 2974->2948 2976 405fda CharNextA 2976->2977 2977->2971 2977->2973 2977->2976 2978 405fe7 CharNextA 2977->2978 2987 40583f 2977->2987 2978->2973 2980 405c79 2979->2980 2981 405c3b RegQueryValueExA 2979->2981 2980->2968 2982 405c5c RegCloseKey 2981->2982 2982->2980 2984->2962 2985->2962 2986->2953 2988 405845 2987->2988 2989 405858 2988->2989 2990 40584b CharNextA 2988->2990 2989->2977 2990->2988 3936 401ee2 3937 402a29 18 API calls 3936->3937 3938 401ee9 3937->3938 3939 4060b1 
5 API calls 3938->3939 3940 401ef8 3939->3940 3941 401f10 GlobalAlloc 3940->3941 3946 401f78 3940->3946 3942 401f24 3941->3942 3941->3946 3943 4060b1 5 API calls 3942->3943 3944 401f2b 3943->3944 3945 4060b1 5 API calls 3944->3945 3947 401f35 3945->3947 3947->3946 3951 405c7f wsprintfA 3947->3951 3949 401f6c 3952 405c7f wsprintfA 3949->3952 3951->3949 3952->3946 3181 40326c SetErrorMode GetVersion 3182 4032a4 3181->3182 3183 4032aa 3181->3183 3184 4060b1 5 API calls 3182->3184 3185 406043 3 API calls 3183->3185 3184->3183 3186 4032c0 lstrlenA 3185->3186 3186->3183 3187 4032cf 3186->3187 3188 4060b1 5 API calls 3187->3188 3189 4032d6 3188->3189 3190 4060b1 5 API calls 3189->3190 3191 4032dd #17 OleInitialize SHGetFileInfoA 3190->3191 3271 405d21 lstrcpynA 3191->3271 3193 40331a GetCommandLineA 3272 405d21 lstrcpynA 3193->3272 3195 40332c GetModuleHandleA 3196 403343 3195->3196 3197 40583f CharNextA 3196->3197 3198 403357 CharNextA 3197->3198 3209 403364 3198->3209 3199 4033d1 3200 4033e4 GetTempPathA 3199->3200 3273 40323b 3200->3273 3202 4033fa 3203 403422 DeleteFileA 3202->3203 3204 4033fe GetWindowsDirectoryA lstrcatA 3202->3204 3283 402ca5 GetTickCount GetModuleFileNameA 3203->3283 3206 40323b 12 API calls 3204->3206 3205 40583f CharNextA 3205->3209 3208 40341a 3206->3208 3208->3203 3213 4034a3 ExitProcess OleUninitialize 3208->3213 3209->3199 3209->3205 3210 4033d3 3209->3210 3370 405d21 lstrcpynA 3210->3370 3211 403436 3211->3213 3214 40348f 3211->3214 3219 40583f CharNextA 3211->3219 3215 4035c7 3213->3215 3216 4034b8 3213->3216 3313 403774 3214->3313 3217 40366a ExitProcess 3215->3217 3222 4060b1 5 API calls 3215->3222 3373 4055e2 3216->3373 3225 40344d 3219->3225 3226 4035da 3222->3226 3228 40346a 3225->3228 3229 4034ce 3225->3229 3227 4060b1 5 API calls 3226->3227 3230 4035e3 3227->3230 3232 4058f5 18 API calls 3228->3232 3377 405569 3229->3377 3233 4060b1 5 API calls 3230->3233 3235 403475 3232->3235 3236 4035ec 3233->3236 3235->3213 3371 405d21 lstrcpynA 
3235->3371 3239 40360a 3236->3239 3247 4035fa GetCurrentProcess 3236->3247 3237 4034e4 lstrcatA 3238 4034ef lstrcatA lstrcmpiA 3237->3238 3238->3213 3241 40350b 3238->3241 3240 4060b1 5 API calls 3239->3240 3243 403641 3240->3243 3244 403510 3241->3244 3245 403517 3241->3245 3248 403656 ExitWindowsEx 3243->3248 3253 403663 3243->3253 3380 4054cf CreateDirectoryA 3244->3380 3385 40554c CreateDirectoryA 3245->3385 3246 403484 3372 405d21 lstrcpynA 3246->3372 3247->3239 3248->3217 3248->3253 3393 40140b 3253->3393 3254 40351c SetCurrentDirectoryA 3256 403536 3254->3256 3257 40352b 3254->3257 3389 405d21 lstrcpynA 3256->3389 3388 405d21 lstrcpynA 3257->3388 3260 405d43 18 API calls 3261 403566 DeleteFileA 3260->3261 3262 403573 CopyFileA 3261->3262 3268 403544 3261->3268 3262->3268 3263 4035bb 3264 405a6f 40 API calls 3263->3264 3266 4035c2 3264->3266 3265 405a6f 40 API calls 3265->3268 3266->3213 3267 405d43 18 API calls 3267->3268 3268->3260 3268->3263 3268->3265 3268->3267 3270 4035a7 CloseHandle 3268->3270 3390 405581 CreateProcessA 3268->3390 3270->3268 3271->3193 3272->3195 3274 405f83 5 API calls 3273->3274 3276 403247 3274->3276 3275 403251 3275->3202 3276->3275 3277 405814 3 API calls 3276->3277 3278 403259 3277->3278 3279 40554c 2 API calls 3278->3279 3280 40325f 3279->3280 3396 405a27 3280->3396 3400 4059f8 GetFileAttributesA CreateFileA 3283->3400 3285 402ce8 3312 402cf5 3285->3312 3401 405d21 lstrcpynA 3285->3401 3287 402d0b 3288 40585b 2 API calls 3287->3288 3289 402d11 3288->3289 3402 405d21 lstrcpynA 3289->3402 3291 402d1c GetFileSize 3292 402e1d 3291->3292 3310 402d33 3291->3310 3405 402c06 3292->3405 3296 402e60 GlobalAlloc 3300 402e77 3296->3300 3297 402eb8 3298 402c06 33 API calls 3297->3298 3298->3312 3304 405a27 2 API calls 3300->3304 3301 402e41 3302 4031f2 ReadFile 3301->3302 3305 402e4c 3302->3305 3303 402c06 33 API calls 3303->3310 3306 402e88 CreateFileA 3304->3306 3305->3296 3305->3312 3307 402ec2 3306->3307 3306->3312 3421 403224 
SetFilePointer 3307->3421 3309 402ed0 3422 402f4b 3309->3422 3310->3292 3310->3297 3310->3303 3310->3312 3403 4031f2 ReadFile 3310->3403 3312->3211 3314 4060b1 5 API calls 3313->3314 3315 403788 3314->3315 3316 4037a0 3315->3316 3317 40378e 3315->3317 3318 405c08 3 API calls 3316->3318 3474 405c7f wsprintfA 3317->3474 3319 4037c1 3318->3319 3321 4037df lstrcatA 3319->3321 3323 405c08 3 API calls 3319->3323 3322 40379e 3321->3322 3465 403a3d 3322->3465 3323->3321 3326 4058f5 18 API calls 3328 403811 3326->3328 3327 40389a 3329 4058f5 18 API calls 3327->3329 3328->3327 3330 405c08 3 API calls 3328->3330 3331 4038a0 3329->3331 3332 40383d 3330->3332 3333 4038b0 LoadImageA 3331->3333 3334 405d43 18 API calls 3331->3334 3332->3327 3337 403859 lstrlenA 3332->3337 3340 40583f CharNextA 3332->3340 3335 403964 3333->3335 3336 4038db RegisterClassA 3333->3336 3334->3333 3339 40140b 2 API calls 3335->3339 3338 403917 SystemParametersInfoA CreateWindowExA 3336->3338 3368 40349f 3336->3368 3341 403867 lstrcmpiA 3337->3341 3342 40388d 3337->3342 3338->3335 3343 40396a 3339->3343 3345 403857 3340->3345 3341->3342 3346 403877 GetFileAttributesA 3341->3346 3344 405814 3 API calls 3342->3344 3347 403a3d 19 API calls 3343->3347 3343->3368 3348 403893 3344->3348 3345->3337 3349 403883 3346->3349 3351 40397b 3347->3351 3475 405d21 lstrcpynA 3348->3475 3349->3342 3350 40585b 2 API calls 3349->3350 3350->3342 3353 403987 ShowWindow 3351->3353 3354 403a0a 3351->3354 3356 406043 3 API calls 3353->3356 3476 4050df OleInitialize 3354->3476 3358 40399f 3356->3358 3357 403a10 3359 403a14 3357->3359 3360 403a2c 3357->3360 3361 4039ad GetClassInfoA 3358->3361 3363 406043 3 API calls 3358->3363 3366 40140b 2 API calls 3359->3366 3359->3368 3362 40140b 2 API calls 3360->3362 3364 4039c1 GetClassInfoA RegisterClassA 3361->3364 3365 4039d7 DialogBoxParamA 3361->3365 3362->3368 3363->3361 3364->3365 3367 40140b 2 API calls 3365->3367 3366->3368 3369 4039ff 3367->3369 3368->3213 3369->3368 3370->3200 
3371->3246 3372->3214 3374 4055f7 3373->3374 3375 4034c6 ExitProcess 3374->3375 3376 40560b MessageBoxIndirectA 3374->3376 3376->3375 3378 4060b1 5 API calls 3377->3378 3379 4034d3 lstrcatA 3378->3379 3379->3237 3379->3238 3381 405520 GetLastError 3380->3381 3382 403515 3380->3382 3381->3382 3383 40552f SetFileSecurityA 3381->3383 3382->3254 3383->3382 3384 405545 GetLastError 3383->3384 3384->3382 3386 405560 GetLastError 3385->3386 3387 40555c 3385->3387 3386->3387 3387->3254 3388->3256 3389->3268 3391 4055b0 CloseHandle 3390->3391 3392 4055bc 3390->3392 3391->3392 3392->3268 3394 401389 2 API calls 3393->3394 3395 401420 3394->3395 3395->3217 3397 405a32 GetTickCount GetTempFileNameA 3396->3397 3398 40326a 3397->3398 3399 405a5e 3397->3399 3398->3202 3399->3397 3399->3398 3400->3285 3401->3287 3402->3291 3404 403213 3403->3404 3404->3310 3406 402c14 3405->3406 3407 402c2c 3405->3407 3408 402c24 3406->3408 3409 402c1d DestroyWindow 3406->3409 3410 402c34 3407->3410 3411 402c3c GetTickCount 3407->3411 3408->3296 3408->3312 3420 403224 SetFilePointer 3408->3420 3409->3408 3437 4060ed 3410->3437 3411->3408 3413 402c4a 3411->3413 3414 402c52 3413->3414 3415 402c7f CreateDialogParamA ShowWindow 3413->3415 3414->3408 3441 402bea 3414->3441 3415->3408 3417 402c60 wsprintfA 3418 40500d 25 API calls 3417->3418 3419 402c7d 3418->3419 3419->3408 3420->3301 3421->3309 3423 402f78 3422->3423 3424 402f5c SetFilePointer 3422->3424 3444 403076 GetTickCount 3423->3444 3424->3423 3427 402f89 ReadFile 3428 403035 3427->3428 3429 402fa9 3427->3429 3428->3312 3429->3428 3430 403076 43 API calls 3429->3430 3431 402fc0 3430->3431 3431->3428 3432 40303b ReadFile 3431->3432 3434 402fd0 3431->3434 3432->3428 3434->3428 3435 402feb ReadFile 3434->3435 3436 403004 WriteFile 3434->3436 3435->3428 3435->3434 3436->3428 3436->3434 3438 40610a PeekMessageA 3437->3438 3439 406100 DispatchMessageA 3438->3439 3440 40611a 3438->3440 3439->3438 3440->3408 3442 402bf9 3441->3442 3443 402bfb MulDiv 
3441->3443 3442->3443 3443->3417 3445 4031e0 3444->3445 3446 4030a5 3444->3446 3447 402c06 33 API calls 3445->3447 3457 403224 SetFilePointer 3446->3457 3454 402f81 3447->3454 3449 4030b0 SetFilePointer 3453 4030d5 3449->3453 3450 4031f2 ReadFile 3450->3453 3452 402c06 33 API calls 3452->3453 3453->3450 3453->3452 3453->3454 3455 40316a WriteFile 3453->3455 3456 4031c1 SetFilePointer 3453->3456 3458 4061ae 3453->3458 3454->3427 3454->3428 3455->3453 3455->3454 3456->3445 3457->3449 3459 4061d3 3458->3459 3462 4061db 3458->3462 3459->3453 3460 406262 GlobalFree 3461 40626b GlobalAlloc 3460->3461 3461->3459 3461->3462 3462->3459 3462->3460 3462->3461 3463 4062e2 GlobalAlloc 3462->3463 3464 4062d9 GlobalFree 3462->3464 3463->3459 3463->3462 3464->3463 3466 403a51 3465->3466 3483 405c7f wsprintfA 3466->3483 3468 403ac2 3469 405d43 18 API calls 3468->3469 3470 403ace SetWindowTextA 3469->3470 3471 4037ef 3470->3471 3472 403aea 3470->3472 3471->3326 3472->3471 3473 405d43 18 API calls 3472->3473 3473->3472 3474->3322 3475->3327 3484 404029 3476->3484 3478 405129 3479 404029 SendMessageA 3478->3479 3480 40513b OleUninitialize 3479->3480 3480->3357 3481 405102 3481->3478 3487 401389 3481->3487 3483->3468 3485 404041 3484->3485 3486 404032 SendMessageA 3484->3486 3485->3481 3486->3485 3489 401390 3487->3489 3488 4013fe 3488->3481 3489->3488 3490 4013cb MulDiv SendMessageA 3489->3490 3490->3489 3960 40476c 3961 404798 3960->3961 3962 40477c 3960->3962 3964 4047cb 3961->3964 3965 40479e SHGetPathFromIDListA 3961->3965 3971 4055c6 GetDlgItemTextA 3962->3971 3967 4047ae 3965->3967 3970 4047b5 SendMessageA 3965->3970 3966 404789 SendMessageA 3966->3961 3968 40140b 2 API calls 3967->3968 3968->3970 3970->3964 3971->3966 3972 402b6e 3973 402b7d SetTimer 3972->3973 3975 402b96 3972->3975 3973->3975 3974 402be4 3975->3974 3976 402bea MulDiv 3975->3976 3977 402ba4 wsprintfA SetWindowTextA SetDlgItemTextA 3976->3977 3977->3974 3979 4014f0 SetForegroundWindow 3980 4028be 3979->3980 
3532 4024f1 3533 4024f6 3532->3533 3534 402507 3532->3534 3541 402a0c 3533->3541 3536 402a29 18 API calls 3534->3536 3537 40250e lstrlenA 3536->3537 3538 4024fd 3537->3538 3539 40252d WriteFile 3538->3539 3540 40268f 3538->3540 3539->3540 3542 405d43 18 API calls 3541->3542 3543 402a20 3542->3543 3543->3538 3981 402671 3982 402a29 18 API calls 3981->3982 3983 402678 FindFirstFileA 3982->3983 3984 40269b 3983->3984 3988 40268b 3983->3988 3985 4026a2 3984->3985 3989 405c7f wsprintfA 3984->3989 3990 405d21 lstrcpynA 3985->3990 3989->3985 3990->3988 3991 4040f1 lstrcpynA lstrlenA 3997 4018f5 3998 40192c 3997->3998 3999 402a29 18 API calls 3998->3999 4000 401931 3999->4000 4001 405646 70 API calls 4000->4001 4002 40193a 4001->4002 4003 4018f8 4004 402a29 18 API calls 4003->4004 4005 4018ff 4004->4005 4006 4055e2 MessageBoxIndirectA 4005->4006 4007 401908 4006->4007 4015 4014fe 4016 401506 4015->4016 4017 401519 4015->4017 4018 402a0c 18 API calls 4016->4018 4018->4017 4019 4025ff 4020 402606 4019->4020 4021 40286b 4019->4021 4022 402a0c 18 API calls 4020->4022 4023 402611 4022->4023 4024 402618 SetFilePointer 4023->4024 4024->4021 4025 402628 4024->4025 4027 405c7f wsprintfA 4025->4027 4027->4021 4028 401000 4029 401037 BeginPaint GetClientRect 4028->4029 4030 40100c DefWindowProcA 4028->4030 4032 4010f3 4029->4032 4033 401179 4030->4033 4034 401073 CreateBrushIndirect FillRect DeleteObject 4032->4034 4035 4010fc 4032->4035 4034->4032 4036 401102 CreateFontIndirectA 4035->4036 4037 401167 EndPaint 4035->4037 4036->4037 4038 401112 6 API calls 4036->4038 4037->4033 4038->4037 2991 403682 2992 403693 CloseHandle 2991->2992 2993 40369d 2991->2993 2992->2993 2994 4036b1 2993->2994 2995 4036a7 CloseHandle 2993->2995 3000 4036df 2994->3000 2995->2994 3001 4036ed 3000->3001 3002 4036b6 3001->3002 3003 4036f2 FreeLibrary GlobalFree 3001->3003 3004 405646 3002->3004 3003->3002 3003->3003 3045 4058f5 3004->3045 3007 405663 DeleteFileA 3009 4036c2 3007->3009 3008 40567a 3010 
4057af 3008->3010 3059 405d21 lstrcpynA 3008->3059 3010->3009 3064 40601c FindFirstFileA 3010->3064 3012 4056a4 3013 4056b5 3012->3013 3014 4056a8 lstrcatA 3012->3014 3070 40585b lstrlenA 3013->3070 3016 4056bb 3014->3016 3019 4056c9 lstrcatA 3016->3019 3020 4056d4 lstrlenA FindFirstFileA 3016->3020 3019->3020 3020->3010 3028 4056f8 3020->3028 3023 40583f CharNextA 3023->3028 3024 4059d9 2 API calls 3025 4057e4 RemoveDirectoryA 3024->3025 3026 405806 3025->3026 3027 4057ef 3025->3027 3032 40500d 25 API calls 3026->3032 3027->3009 3031 4057f5 3027->3031 3028->3023 3029 40578e FindNextFileA 3028->3029 3038 405646 61 API calls 3028->3038 3041 40500d 25 API calls 3028->3041 3044 40576c 3028->3044 3060 405d21 lstrcpynA 3028->3060 3061 4059d9 GetFileAttributesA 3028->3061 3029->3028 3033 4057a6 FindClose 3029->3033 3034 40500d 25 API calls 3031->3034 3032->3009 3033->3010 3035 4057fd 3034->3035 3036 405a6f 40 API calls 3035->3036 3039 405804 3036->3039 3038->3028 3039->3009 3041->3029 3044->3029 3074 40500d 3044->3074 3085 405a6f 3044->3085 3111 405d21 lstrcpynA 3045->3111 3047 405906 3112 4058a8 CharNextA CharNextA 3047->3112 3050 40565a 3050->3007 3050->3008 3051 405f83 5 API calls 3054 40591c 3051->3054 3052 405947 lstrlenA 3053 405952 3052->3053 3052->3054 3056 405814 3 API calls 3053->3056 3054->3050 3054->3052 3055 40601c 2 API calls 3054->3055 3058 40585b 2 API calls 3054->3058 3055->3054 3057 405957 GetFileAttributesA 3056->3057 3057->3050 3058->3052 3059->3012 3060->3028 3062 40575b DeleteFileA 3061->3062 3063 4059e8 SetFileAttributesA 3061->3063 3062->3028 3063->3062 3065 406032 FindClose 3064->3065 3066 4057d4 3064->3066 3065->3066 3066->3009 3067 405814 lstrlenA CharPrevA 3066->3067 3068 4057de 3067->3068 3069 40582e lstrcatA 3067->3069 3068->3024 3069->3068 3071 405868 3070->3071 3072 405879 3071->3072 3073 40586d CharPrevA 3071->3073 3072->3016 3073->3071 3073->3072 3075 405028 3074->3075 3084 4050cb 3074->3084 3076 405045 lstrlenA 3075->3076 3077 405d43 18 
API calls 3075->3077 3078 405053 lstrlenA 3076->3078 3079 40506e 3076->3079 3077->3076 3080 405065 lstrcatA 3078->3080 3078->3084 3081 405081 3079->3081 3082 405074 SetWindowTextA 3079->3082 3080->3079 3083 405087 SendMessageA SendMessageA SendMessageA 3081->3083 3081->3084 3082->3081 3083->3084 3084->3044 3118 4060b1 GetModuleHandleA 3085->3118 3088 405ad7 GetShortPathNameA 3090 405aec 3088->3090 3091 405bcc 3088->3091 3090->3091 3093 405af4 wsprintfA 3090->3093 3091->3044 3092 405abb CloseHandle GetShortPathNameA 3092->3091 3094 405acf 3092->3094 3095 405d43 18 API calls 3093->3095 3094->3088 3094->3091 3096 405b1c 3095->3096 3125 4059f8 GetFileAttributesA CreateFileA 3096->3125 3098 405b29 3098->3091 3099 405b38 GetFileSize GlobalAlloc 3098->3099 3100 405bc5 CloseHandle 3099->3100 3101 405b56 ReadFile 3099->3101 3100->3091 3101->3100 3102 405b6a 3101->3102 3102->3100 3126 40596d lstrlenA 3102->3126 3105 405bd9 3107 40596d 4 API calls 3105->3107 3106 405b7f 3131 405d21 lstrcpynA 3106->3131 3109 405b8d 3107->3109 3110 405ba0 SetFilePointer WriteFile GlobalFree 3109->3110 3110->3100 3111->3047 3113 4058c2 3112->3113 3117 4058ce 3112->3117 3114 4058c9 CharNextA 3113->3114 3113->3117 3115 4058eb 3114->3115 3115->3050 3115->3051 3116 40583f CharNextA 3116->3117 3117->3115 3117->3116 3119 4060d7 GetProcAddress 3118->3119 3120 4060cd 3118->3120 3122 405a7a 3119->3122 3132 406043 GetSystemDirectoryA 3120->3132 3122->3088 3122->3091 3124 4059f8 GetFileAttributesA CreateFileA 3122->3124 3123 4060d3 3123->3119 3123->3122 3124->3092 3125->3098 3127 4059a3 lstrlenA 3126->3127 3128 405981 lstrcmpiA 3127->3128 3129 4059ad 3127->3129 3128->3129 3130 40599a CharNextA 3128->3130 3129->3105 3129->3106 3130->3127 3131->3109 3133 406065 wsprintfA LoadLibraryExA 3132->3133 3133->3123 4039 401b02 4040 402a29 18 API calls 4039->4040 4041 401b09 4040->4041 4042 402a0c 18 API calls 4041->4042 4043 401b12 wsprintfA 4042->4043 4044 4028be 4043->4044 4045 401a03 4046 402a29 18 API calls 
4045->4046 4047 401a0c ExpandEnvironmentStringsA 4046->4047 4048 401a20 4047->4048 4050 401a33 4047->4050 4049 401a25 lstrcmpA 4048->4049 4048->4050 4049->4050 3135 401f84 3136 401f96 3135->3136 3138 402045 3135->3138 3137 402a29 18 API calls 3136->3137 3140 401f9d 3137->3140 3139 401423 25 API calls 3138->3139 3146 40219c 3139->3146 3141 402a29 18 API calls 3140->3141 3142 401fa6 3141->3142 3143 401fbb LoadLibraryExA 3142->3143 3144 401fae GetModuleHandleA 3142->3144 3143->3138 3145 401fcb GetProcAddress 3143->3145 3144->3143 3144->3145 3147 402018 3145->3147 3148 401fdb 3145->3148 3149 40500d 25 API calls 3147->3149 3151 401feb 3148->3151 3153 401423 3148->3153 3149->3151 3151->3146 3152 402039 FreeLibrary 3151->3152 3152->3146 3154 40500d 25 API calls 3153->3154 3155 401431 3154->3155 3155->3151 3171 401389 3173 401390 3171->3173 3172 4013fe 3173->3172 3174 4013cb MulDiv SendMessageA 3173->3174 3174->3173 4051 403b0a 4052 403b22 4051->4052 4053 403c5d 4051->4053 4052->4053 4054 403b2e 4052->4054 4055 403cae 4053->4055 4056 403c6e GetDlgItem GetDlgItem 4053->4056 4058 403b39 SetWindowPos 4054->4058 4059 403b4c 4054->4059 4057 403d08 4055->4057 4065 401389 2 API calls 4055->4065 4060 403fdd 19 API calls 4056->4060 4061 404029 SendMessageA 4057->4061 4066 403c58 4057->4066 4058->4059 4062 403b51 ShowWindow 4059->4062 4063 403b69 4059->4063 4064 403c98 SetClassLongA 4060->4064 4088 403d1a 4061->4088 4062->4063 4067 403b71 DestroyWindow 4063->4067 4068 403b8b 4063->4068 4069 40140b 2 API calls 4064->4069 4073 403ce0 4065->4073 4070 403f66 4067->4070 4071 403b90 SetWindowLongA 4068->4071 4072 403ba1 4068->4072 4069->4055 4070->4066 4082 403f97 ShowWindow 4070->4082 4071->4066 4074 403c18 4072->4074 4075 403bad GetDlgItem 4072->4075 4073->4057 4076 403ce4 SendMessageA 4073->4076 4081 404044 8 API calls 4074->4081 4079 403bc0 SendMessageA IsWindowEnabled 4075->4079 4080 403bdd 4075->4080 4076->4066 4077 40140b 2 API calls 4077->4088 4078 403f68 DestroyWindow EndDialog 

                                            Control-flow Graph (graph not reproduced; first node 40326c-4032a2)
                                            APIs
                                            • SetErrorMode.KERNELBASE ref: 00403292
                                            • GetVersion.KERNEL32 ref: 00403298
                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032C1
                                            • #17.COMCTL32(0000000B,0000000D), ref: 004032E2
                                            • OleInitialize.OLE32(00000000), ref: 004032E9
                                            • SHGetFileInfoA.SHELL32(0041F518,00000000,?,00000160,00000000), ref: 00403305
                                            • GetCommandLineA.KERNEL32(bomgar Setup,NSIS Error), ref: 0040331A
                                            • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",00000000), ref: 0040332D
                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",00409130), ref: 00403358
                                            • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033EF
                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403404
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403410
                                            • DeleteFileA.KERNELBASE(1033), ref: 00403427
                                              • Part of subcall function 004060B1: GetModuleHandleA.KERNEL32(?,?,?,004032D6,0000000D), ref: 004060C3
                                              • Part of subcall function 004060B1: GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                            • ExitProcess.KERNEL32(00000020), ref: 004034A3
                                            • OleUninitialize.OLE32(00000020), ref: 004034A8
                                            • ExitProcess.KERNEL32 ref: 004034C8
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",00000000,00000020), ref: 004034DB
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,004091AC,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",00000000,00000020), ref: 004034EA
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",00000000,00000020), ref: 004034F5
                                            • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 00403501
                                            • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040351D
                                            • DeleteFileA.KERNEL32(0041F118,0041F118,?,00425000,?), ref: 00403567
                                            • CopyFileA.KERNEL32(C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,0041F118,00000001), ref: 0040357B
                                            • CloseHandle.KERNEL32(00000000,0041F118,0041F118,?,0041F118,00000000), ref: 004035A8
                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403601
                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403659
                                            • ExitProcess.KERNEL32 ref: 0040367C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                            • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsuD628.tmpb$C:\Users\user\Desktop$C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$bomgar Setup$~nsu
                                            • API String ID: 1031542678-1233547007
                                            • Opcode ID: df862cf782e6f12dd3637b9710448ae56b2f554b78cf7944bd25a1ff17f1af47
                                            • Instruction ID: 5c64d7e23ad34e65ef941767bafa90ef68eac0ee2a926ec53c77081cf823a0c7
                                            • Opcode Fuzzy Hash: df862cf782e6f12dd3637b9710448ae56b2f554b78cf7944bd25a1ff17f1af47
                                            • Instruction Fuzzy Hash: E7A1D3709043416BD7216FA19C89B2B7EACAF0130AF44497FF541B62D2CB7C9A458A6F
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (graph not reproduced; first node 405646-405661)
                                            APIs
                                            • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 00405664
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsuD628.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsuD628.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004056AE
                                            • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsuD628.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004056CF
                                            • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsuD628.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004056D5
                                            • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsuD628.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsuD628.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004056E6
                                            • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405798
                                            • FindClose.KERNEL32(?), ref: 004057A9
                                            Strings
                                            Similarity
                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                            • String ID: "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsuD628.tmp\*.*$\*.*
                                            • API String ID: 2035342205-1567364618
                                            • Opcode ID: 6fc6b45c621bb2c7f153696388167a9f97890da370403d596b9af4dab25e08f4
                                            • Instruction ID: 8acc8c61a42d16d7dfe7788459f963ea449c11c9809693ed7c726d9259c7605b
                                            • Opcode Fuzzy Hash: 6fc6b45c621bb2c7f153696388167a9f97890da370403d596b9af4dab25e08f4
                                            • Instruction Fuzzy Hash: 0151D531844A48A6DB216B718C85BBF3A78CF52718F14807BFC55761D2D73C4982EEAE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (graph not reproduced; first node 40635d-406362)
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bded34eb17a1709c751f3b0d5d91dccc1207e0a7e491dd694bbe2c100b497c86
                                            • Instruction ID: b7ba65492c8209f79a1cfba1734d1295280b0673ba422cd3a5256634c58af87f
                                            • Opcode Fuzzy Hash: bded34eb17a1709c751f3b0d5d91dccc1207e0a7e491dd694bbe2c100b497c86
                                            • Instruction Fuzzy Hash: 87F18671D00229CBCF28CFA8C8946ADBBB0FF45305F25816ED856BB281D7785A96DF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • FindFirstFileA.KERNELBASE(?,004225B0,C:\,00405938,C:\,C:\,00000000,C:\,C:\,?,?,74DF2EE0,0040565A,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 00406027
                                            • FindClose.KERNEL32(00000000), ref: 00406033
                                            Strings
                                            Similarity
                                            • API ID: Find$CloseFileFirst
                                            • String ID: C:\
                                            • API String ID: 2295610775-3404278061
                                            • Opcode ID: 412955c50aa7b3f69234b74a60928c8f5b5ca8d79734515bf4ff3709603515b6
                                            • Instruction ID: 6eeade67ecb480b7387a7c0eb9a8db9c700a967c5adc9eb9e234a3c5356b3106
                                            • Opcode Fuzzy Hash: 412955c50aa7b3f69234b74a60928c8f5b5ca8d79734515bf4ff3709603515b6
                                            • Instruction Fuzzy Hash: D9D01231949130ABC310573C6D0C84B7A5D9F553727118A32B426F52E0D7749C6286AE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (graph not reproduced; first node 403774-40378c)
                                            APIs
                                              • Part of subcall function 004060B1: GetModuleHandleA.KERNEL32(?,?,?,004032D6,0000000D), ref: 004060C3
                                              • Part of subcall function 004060B1: GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                            • lstrcatA.KERNEL32(1033,00420560,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420560,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",00000000), ref: 004037E5
                                            • lstrlenA.KERNEL32(00422F00,?,?,?,00422F00,00000000,0042A400,1033,00420560,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420560,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 0040385A
                                            • lstrcmpiA.KERNEL32(?,.exe), ref: 0040386D
                                            • GetFileAttributesA.KERNEL32(00422F00), ref: 00403878
                                            • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,0042A400), ref: 004038C1
                                              • Part of subcall function 00405C7F: wsprintfA.USER32 ref: 00405C8C
                                            • RegisterClassA.USER32 ref: 00403908
                                            • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403920
                                            • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403959
                                            • ShowWindow.USER32(00000005,00000000), ref: 0040398F
                                            • GetClassInfoA.USER32(00000000,RichEdit20A,00423700), ref: 004039BB
                                            • GetClassInfoA.USER32(00000000,RichEdit,00423700), ref: 004039C8
                                            • RegisterClassA.USER32(00423700), ref: 004039D1
                                            • DialogBoxParamA.USER32(?,00000000,00403B0A,00000000), ref: 004039F0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                            • API String ID: 1975747703-1746943211
                                            • Opcode ID: 49a41739fa4e578782f341f7089ae24db10ce8e2b0ae372fb0ba48f28e73e7bf
                                            • Instruction ID: 3eb718fe3fc62f27c6965a063a7747c4007da3f3570f5faada6cae97da2bdee0
                                            • Opcode Fuzzy Hash: 49a41739fa4e578782f341f7089ae24db10ce8e2b0ae372fb0ba48f28e73e7bf
                                            • Instruction Fuzzy Hash: 5861A5B17442047ED720AF65AD45E2B3ABCEB4474AF40443FF941B21E1D67C9A428A2E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 206 402ca5-402cf3 GetTickCount GetModuleFileNameA call 4059f8 209 402cf5-402cfa 206->209 210 402cff-402d2d call 405d21 call 40585b call 405d21 GetFileSize 206->210 211 402f44-402f48 209->211 218 402d33-402d4a 210->218 219 402e1d-402e2b call 402c06 210->219 221 402d4c 218->221 222 402d4e-402d54 call 4031f2 218->222 225 402e31-402e34 219->225 226 402efc-402f01 219->226 221->222 227 402d59-402d5b 222->227 228 402e60-402eac GlobalAlloc call 40618e call 405a27 CreateFileA 225->228 229 402e36-402e47 call 403224 call 4031f2 225->229 226->211 230 402d61-402d67 227->230 231 402eb8-402ec0 call 402c06 227->231 256 402ec2-402ef2 call 403224 call 402f4b 228->256 257 402eae-402eb3 228->257 249 402e4c-402e4e 229->249 235 402de7-402deb 230->235 236 402d69-402d81 call 4059b9 230->236 231->226 239 402df4-402dfa 235->239 240 402ded-402df3 call 402c06 235->240 236->239 253 402d83-402d8a 236->253 245 402dfc-402e0a call 406120 239->245 246 402e0d-402e17 239->246 240->239 245->246 246->218 246->219 249->226 254 402e54-402e5a 249->254 253->239 258 402d8c-402d93 253->258 254->226 254->228 266 402ef7-402efa 256->266 257->211 258->239 260 402d95-402d9c 258->260 260->239 261 402d9e-402da5 260->261 261->239 263 402da7-402dc7 261->263 263->226 265 402dcd-402dd1 263->265 267 402dd3-402dd7 265->267 268 402dd9-402de1 265->268 266->226 269 402f03-402f14 266->269 267->219 267->268 268->239 270 402de3-402de5 268->270 271 402f16 269->271 272 402f1c-402f21 269->272 270->239 271->272 273 402f22-402f28 272->273 273->273 274 402f2a-402f42 call 4059b9 273->274 274->211
                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00402CB9
                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,00000400), ref: 00402CD5
                                              • Part of subcall function 004059F8: GetFileAttributesA.KERNELBASE(00000003,00402CE8,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,80000000,00000003), ref: 004059FC
                                              • Part of subcall function 004059F8: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A1E
                                            • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,80000000,00000003), ref: 00402D1E
                                            • GlobalAlloc.KERNELBASE(00000040,?), ref: 00402E65
                                            Strings
                                            • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402EAE
                                            • "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe", xrefs: 00402CA5
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00402CB2, 00402E7D
                                            • Null, xrefs: 00402D9E
                                            • Inst, xrefs: 00402D8C
                                            • soft, xrefs: 00402D95
                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EFC
                                            • C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe, xrefs: 00402CBF, 00402CCE, 00402CE2, 00402CFF
                                            • C:\Users\user\Desktop, xrefs: 00402D00, 00402D05, 00402D0B
                                            • Error launching installer, xrefs: 00402CF5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                            • String ID: "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                            • API String ID: 2803837635-533435319
                                            • Opcode ID: 582c0acadc01ac87b52ab700da47cac6f6c6afcbc8933679c231fb7aace92551
                                            • Instruction ID: 2068c71016bfdc4c85bf80bd2ac15da0559a4f5512f7d17c8df3fcb4241920dd
                                            • Opcode Fuzzy Hash: 582c0acadc01ac87b52ab700da47cac6f6c6afcbc8933679c231fb7aace92551
                                            • Instruction Fuzzy Hash: 7161B271E40218ABDB20DF64EE89B9A76B4FB04315F20457BF600B62D1C7BC9E419B9C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 346 401751-401774 call 402a29 call 405881 351 401776-40177c call 405d21 346->351 352 40177e-401790 call 405d21 call 405814 lstrcatA 346->352 357 401795-40179b call 405f83 351->357 352->357 362 4017a0-4017a4 357->362 363 4017a6-4017b0 call 40601c 362->363 364 4017d7-4017da 362->364 371 4017c2-4017d4 363->371 372 4017b2-4017c0 CompareFileTime 363->372 366 4017e2-4017fe call 4059f8 364->366 367 4017dc-4017dd call 4059d9 364->367 374 401800-401803 366->374 375 401876-40189f call 40500d call 402f4b 366->375 367->366 371->364 372->371 377 401805-401847 call 405d21 * 2 call 405d43 call 405d21 call 4055e2 374->377 378 401858-401862 call 40500d 374->378 389 4018a1-4018a5 375->389 390 4018a7-4018b3 SetFileTime 375->390 377->362 410 40184d-40184e 377->410 387 40186b-401871 378->387 391 4028c7 387->391 389->390 393 4018b9-4018c4 FindCloseChangeNotification 389->393 390->393 397 4028c9-4028cd 391->397 395 4018ca-4018cd 393->395 396 4028be-4028c1 393->396 399 4018e2-4018e5 call 405d43 395->399 400 4018cf-4018e0 call 405d43 lstrcatA 395->400 396->391 406 4018ea-402246 call 4055e2 399->406 400->406 406->396 406->397 410->387 412 401850-401851 410->412 412->378
                                            APIs
                                            • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer,C:\Users\user\AppData\Local\Temp\nsuD628.tmpb,00000000,00000000,00000031), ref: 00401790
                                            • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer,"C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer,00000000,00000000,"C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer,C:\Users\user\AppData\Local\Temp\nsuD628.tmpb,00000000,00000000,00000031), ref: 004017BA
                                              • Part of subcall function 00405D21: lstrcpynA.KERNEL32(?,?,00000400,0040331A,bomgar Setup,NSIS Error), ref: 00405D2E
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000,?), ref: 00405046
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(00402C7D,0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000), ref: 00405056
                                              • Part of subcall function 0040500D: lstrcatA.KERNEL32(0041FD38,00402C7D,00402C7D,0041FD38,00000000,00000000,00000000), ref: 00405069
                                              • Part of subcall function 0040500D: SetWindowTextA.USER32(0041FD38,0041FD38), ref: 0040507B
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050A1
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050BB
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050C9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                            • String ID: "C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer$C:\Users\user\AppData\Local\Temp\nsuD628.tmpb$startup_animation_instance_id
                                            • API String ID: 1941528284-3591516948
                                            • Opcode ID: e43f36c2347c17f941f9082979a1f9f0097e4c13f7f3cb8cda4d23cd3c0202f9
                                            • Instruction ID: f0a42a14e708dd12bcffaee60e7f2df368574f431a55fa24cce6483bebd98ee7
                                            • Opcode Fuzzy Hash: e43f36c2347c17f941f9082979a1f9f0097e4c13f7f3cb8cda4d23cd3c0202f9
                                            • Instruction Fuzzy Hash: 8D41A232900518BBDB107BA5DC49EAF3669EF01369B60C63BF021F10E1D67C8A419A6E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 413 4054cf-40551a CreateDirectoryA 414 405520-40552d GetLastError 413->414 415 40551c-40551e 413->415 416 405547-405549 414->416 417 40552f-405543 SetFileSecurityA 414->417 415->416 417->415 418 405545 GetLastError 417->418 418->416
                                            APIs
                                            • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405512
                                            • GetLastError.KERNEL32 ref: 00405526
                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 0040553B
                                            • GetLastError.KERNEL32 ref: 00405545
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                            • String ID: C:\Users\user\Desktop$Ls@$\s@
                                            • API String ID: 3449924974-3927138272
                                            • Opcode ID: 31ad9693580a8955374231099f971d3d62770966da1912963915dd7ffeca80d6
                                            • Instruction ID: 56c7d4aaaf251bd07cc0b4522ac5d808c8432f0116ca782d9c39ddb198d1e727
                                            • Opcode Fuzzy Hash: 31ad9693580a8955374231099f971d3d62770966da1912963915dd7ffeca80d6
                                            • Instruction Fuzzy Hash: D0010871D14219EAEF019BA0DD047EFBFB8EB04318F00813AD904B6190E378A604CFAA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 419 406043-406063 GetSystemDirectoryA 420 406065 419->420 421 406067-406069 419->421 420->421 422 406079-40607b 421->422 423 40606b-406073 421->423 425 40607c-4060ae wsprintfA LoadLibraryExA 422->425 423->422 424 406075-406077 423->424 424->425
                                            APIs
                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040605A
                                            • wsprintfA.USER32 ref: 00406093
                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004060A7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                            • String ID: %s%s.dll$UXTHEME$\
                                            • API String ID: 2200240437-4240819195
                                            • Opcode ID: dbe29b16d36e4990d4b8a8d99ebd83d4bb69569e7e7cd5a56c72b64b27b98503
                                            • Instruction ID: 5fdbc61320f33fdce410e8edafbcaed402668a74862ff9e47b16be990dadb363
                                            • Opcode Fuzzy Hash: dbe29b16d36e4990d4b8a8d99ebd83d4bb69569e7e7cd5a56c72b64b27b98503
                                            • Instruction Fuzzy Hash: 8FF0FC309402056ADB14D764DC0DFFB366CB708305F1405BAB146F11D2D674E8258B99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 426 401f84-401f90 427 401f96-401fac call 402a29 * 2 426->427 428 40204c-40204e 426->428 437 401fbb-401fc9 LoadLibraryExA 427->437 438 401fae-401fb9 GetModuleHandleA 427->438 430 402197-40219c call 401423 428->430 435 4028be-4028cd 430->435 440 401fcb-401fd9 GetProcAddress 437->440 441 402045-402047 437->441 438->437 438->440 443 402018-40201d call 40500d 440->443 444 401fdb-401fe1 440->444 441->430 448 402022-402025 443->448 446 401fe3-401fef call 401423 444->446 447 401ffa-40200e 444->447 446->448 456 401ff1-401ff8 446->456 450 402013-402016 447->450 448->435 451 40202b-402033 call 403714 448->451 450->448 451->435 457 402039-402040 FreeLibrary 451->457 456->448 457->435
                                            APIs
                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000,?), ref: 00405046
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(00402C7D,0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000), ref: 00405056
                                              • Part of subcall function 0040500D: lstrcatA.KERNEL32(0041FD38,00402C7D,00402C7D,0041FD38,00000000,00000000,00000000), ref: 00405069
                                              • Part of subcall function 0040500D: SetWindowTextA.USER32(0041FD38,0041FD38), ref: 0040507B
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050A1
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050BB
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050C9
                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                            • String ID: ?B
                                            • API String ID: 2987980305-608017948
                                            • Opcode ID: c4a14a7487b56c7100da2a8e18938ff8267bb0c801f29b7db3e9e48f5006ea59
                                            • Instruction ID: 6263746366bf4ff24837a3614574a646b6e9d3c8ecc2b2196e437e8b9a385e53
                                            • Opcode Fuzzy Hash: c4a14a7487b56c7100da2a8e18938ff8267bb0c801f29b7db3e9e48f5006ea59
                                            • Instruction Fuzzy Hash: 88215B32D04215ABDF217FA48E4CAAE7970AF44314F60423BF601B22E0C7BC4941DA5E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (starting at block 405a27-405a31)
                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00405A3A
                                            • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405A54
                                            Strings
                                            • "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe", xrefs: 00405A27
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A2A, 00405A2E
                                            • nsa, xrefs: 00405A33
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CountFileNameTempTick
                                            • String ID: "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                            • API String ID: 1716503409-1735155484
                                            • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                            • Instruction ID: 29357d13e907c2ee9e8bb3ba75dac8a89e11bb6cba0c67c3eb3ea926b8f75691
                                            • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                            • Instruction Fuzzy Hash: 68F027363482487BD7104E25DC44B9B3F98DF91710F14C127FA049A280D2B09A448BA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (starting at block 402f4b-402f5a)
                                            APIs
                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EF7,000000FF,00000000,00000000,?,0000BBE4), ref: 00402F72
                                            • ReadFile.KERNELBASE(?,00000004,0000BBE4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EF7,000000FF,00000000,00000000,?), ref: 00402F9F
                                            • ReadFile.KERNELBASE(00413100,00004000,0000BBE4,00000000,?,?,00402EF7,000000FF,00000000,00000000,?,0000BBE4), ref: 00402FF9
                                            • WriteFile.KERNELBASE(00000000,00413100,0000BBE4,000000FF,00000000,?,00402EF7,000000FF,00000000,00000000,?,0000BBE4), ref: 00403011
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: File$Read$PointerWrite
                                            • String ID:
                                            • API String ID: 2113905535-0
                                            • Opcode ID: f6e6bd698fe3ae893cc15c825e5bc87d9462c34c528534c958a294ebf7eb29c0
                                            • Instruction ID: fe14384fc5933b858476660fc8820527d185b4b5c9bf9e861a356ad6d6de57c6
                                            • Opcode Fuzzy Hash: f6e6bd698fe3ae893cc15c825e5bc87d9462c34c528534c958a294ebf7eb29c0
                                            • Instruction Fuzzy Hash: C2313A31501209FBDB21CF69DD84E9E3BBCEB41795F20407AF904B6194D2349F81DBA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (starting at block 403076-40309f)
                                            APIs
                                            • GetTickCount.KERNEL32 ref: 0040308B
                                              • Part of subcall function 00403224: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402ED0,0000BBE4), ref: 00403232
                                            • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F81,00000004,00000000,00000000,00000000,?,?,?,00402EF7,000000FF,00000000), ref: 004030BE
                                            • WriteFile.KERNELBASE(0040B100,0040B5B5,00000000,00000000,00413100,00004000,?,00000000,?,00402F81,00000004,00000000,00000000,00000000,?,?), ref: 00403178
                                            • SetFilePointer.KERNELBASE(00CAB746,00000000,00000000,00413100,00004000,?,00000000,?,00402F81,00000004,00000000,00000000,00000000,?,?), ref: 004031CA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: File$Pointer$CountTickWrite
                                            • String ID:
                                            • API String ID: 2146148272-0
                                            • Opcode ID: 2d4c04749339da06de0573e6b7037e516648b118694a1450bf6607eaaf58a1be
                                            • Instruction ID: da15dfcd8ef6941032c522a41ecde4ab94df0ac5dec59baa9b8d3cd1f902642a
                                            • Opcode Fuzzy Hash: 2d4c04749339da06de0573e6b7037e516648b118694a1450bf6607eaaf58a1be
                                            • Instruction Fuzzy Hash: F741B071A08214EFD710DF24FE859673BACF749356700423BE911B62E0D7396D068B9D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (starting at block 4015b3-4015c6)
                                            APIs
                                              • Part of subcall function 004058A8: CharNextA.USER32(ZV@,?,C:\,00000000,0040590C,C:\,C:\,?,?,74DF2EE0,0040565A,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004058B6
                                              • Part of subcall function 004058A8: CharNextA.USER32(00000000), ref: 004058BB
                                              • Part of subcall function 004058A8: CharNextA.USER32(00000000), ref: 004058CA
                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                              • Part of subcall function 004054CF: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405512
                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\nsuD628.tmpb,00000000,00000000,000000F0), ref: 00401634
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nsuD628.tmpb, xrefs: 00401629
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                            • String ID: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb
                                            • API String ID: 1892508949-747246019
                                            • Opcode ID: a8a757d1f54bc589b026242be88b53f7bdcf3485e0ca4f0f4c00d184252207fa
                                            • Instruction ID: 0fc5afa66b9553fe621020e854e4140432af6ec7d1696132e2132cfc277966a2
                                            • Opcode Fuzzy Hash: a8a757d1f54bc589b026242be88b53f7bdcf3485e0ca4f0f4c00d184252207fa
                                            • Instruction Fuzzy Hash: D1112E35904141ABDF317BB51D409BF26B0ED91314728463FF581722D2C63C0943D62F
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (starting at block 4058f5-405910)
                                            APIs
                                              • Part of subcall function 00405D21: lstrcpynA.KERNEL32(?,?,00000400,0040331A,bomgar Setup,NSIS Error), ref: 00405D2E
                                              • Part of subcall function 004058A8: CharNextA.USER32(ZV@,?,C:\,00000000,0040590C,C:\,C:\,?,?,74DF2EE0,0040565A,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004058B6
                                              • Part of subcall function 004058A8: CharNextA.USER32(00000000), ref: 004058BB
                                              • Part of subcall function 004058A8: CharNextA.USER32(00000000), ref: 004058CA
                                            • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,74DF2EE0,0040565A,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 00405948
                                            • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,74DF2EE0,0040565A,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 00405958
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                            • String ID: C:\
                                            • API String ID: 3248276644-3404278061
                                            • Opcode ID: ae8abc30229591e8232c77b122a383443f6305fcb3a3701b9418e93e8f6feb24
                                            • Instruction ID: 98877235d508cd616d67dd2f6bf5a55528e12ce4435148d64c9c7b48aaa029da
                                            • Opcode Fuzzy Hash: ae8abc30229591e8232c77b122a383443f6305fcb3a3701b9418e93e8f6feb24
                                            • Instruction Fuzzy Hash: CEF0C8A6115D6196EB2237362C05AAF0654CED3334719453BFC51B12E2CB3C8A43DD7E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph (starting at block 4024f1-4024f4)
                                            APIs
                                            • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                            • WriteFile.KERNELBASE(00000000,?,startup_animation_instance_id,00000000,?,?,00000000,00000011), ref: 0040252E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FileWritelstrlen
                                            • String ID: startup_animation_instance_id
                                            • API String ID: 427699356-2236920193
                                            • Opcode ID: fcec03ff9347f6f22e9653de1dcd375266d3d7f999daefe3cb61c191dbce3456
                                            • Instruction ID: dc723f5779a4569b635a0c7f4a7451feaf37ff8fc0e1c2d324660a181fbd917d
                                            • Opcode Fuzzy Hash: fcec03ff9347f6f22e9653de1dcd375266d3d7f999daefe3cb61c191dbce3456
                                            • Instruction Fuzzy Hash: D2F0E2B2A15244BFD710EFA09E49AEF3668DB00348F20043BF141B61C2D7BC4A408A6E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422568,Error launching installer), ref: 004055A6
                                            • CloseHandle.KERNEL32(?), ref: 004055B3
                                            Strings
                                            • Error launching installer, xrefs: 00405594
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseCreateHandleProcess
                                            • String ID: Error launching installer
                                            • API String ID: 3712363035-66219284
                                            • Opcode ID: 5cf1446fe966192831908fa59a4883a5456ba76fe2ffc7931c8ffb40ed6eb5e1
                                            • Instruction ID: e116bf19f72a0873f179cce176f3342c59e3cfccb0ca0fe2139a94ff21ecbda0
                                            • Opcode Fuzzy Hash: 5cf1446fe966192831908fa59a4883a5456ba76fe2ffc7931c8ffb40ed6eb5e1
                                            • Instruction Fuzzy Hash: DDE0ECB4A0020ABBEB10EF64ED09A6F7BBDEB00344B808521B910E2151E778DA55CE69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • FreeLibrary.KERNELBASE(?,C:\Users\user\AppData\Local\Temp\,00000000,74DF2EE0,004036B6,?,004034A8,00000020), ref: 004036F9
                                            • GlobalFree.KERNEL32(00000000), ref: 00403700
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004036F1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Free$GlobalLibrary
                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 1100898210-3081826266
                                            • Opcode ID: a70c4a9018867b2587f47988a4218c47e07037b5498b81b16856e5c63d912167
                                            • Instruction ID: 1244960087ba6a52f37e5228d8172a8400fdf299e1c3a66ab1fbb560253cc73f
                                            • Opcode Fuzzy Hash: a70c4a9018867b2587f47988a4218c47e07037b5498b81b16856e5c63d912167
                                            • Instruction Fuzzy Hash: 8BE08C32814420ABC6325F49B80879ABA6C6B44B22F018436E800B72A187756E424FC8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                              • Part of subcall function 0040601C: FindFirstFileA.KERNELBASE(?,004225B0,C:\,00405938,C:\,C:\,00000000,C:\,C:\,?,?,74DF2EE0,0040565A,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 00406027
                                              • Part of subcall function 0040601C: FindClose.KERNEL32(00000000), ref: 00406033
                                            • lstrlenA.KERNEL32 ref: 004021E5
                                            • lstrlenA.KERNEL32(00000000), ref: 004021EF
                                            • SHFileOperationA.SHELL32(?,?,?,00000000), ref: 00402217
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FileFindlstrlen$CloseFirstOperation
                                            • String ID:
                                            • API String ID: 1486964399-0
                                            • Opcode ID: e2a44b7260c8ef732f56eb902295396a601ac8c53d0f7bc5afb7863cd17bd8cc
                                            • Instruction ID: be44fc8f2ec4ec672bea0c1d30a840d95d49550ee1f6128d57ec9b85e77644bb
                                            • Opcode Fuzzy Hash: e2a44b7260c8ef732f56eb902295396a601ac8c53d0f7bc5afb7863cd17bd8cc
                                            • Instruction Fuzzy Hash: BB115275E04204AADB10EFF98949ADEB7B8EF04348F10853BA501FB2C1D6BCC5458FA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000,?), ref: 00405046
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(00402C7D,0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000), ref: 00405056
                                              • Part of subcall function 0040500D: lstrcatA.KERNEL32(0041FD38,00402C7D,00402C7D,0041FD38,00000000,00000000,00000000), ref: 00405069
                                              • Part of subcall function 0040500D: SetWindowTextA.USER32(0041FD38,0041FD38), ref: 0040507B
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050A1
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050BB
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050C9
                                              • Part of subcall function 00405581: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422568,Error launching installer), ref: 004055A6
                                              • Part of subcall function 00405581: CloseHandle.KERNEL32(?), ref: 004055B3
                                            • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E72
                                            • GetExitCodeProcess.KERNELBASE(?,?), ref: 00401E82
                                            • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EA7
                                            Similarity
                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                            • String ID:
                                            • API String ID: 3521207402-0
                                            • Opcode ID: 72ccecfdef7d29a36245c409bd51c3e9b4e65b016ad3516aa7344e95be81daf5
                                            • Instruction ID: 7ce20bff50928411eec9152449a0000de0cf1bfef03f7f40e60fccb62da72053
                                            • Opcode Fuzzy Hash: 72ccecfdef7d29a36245c409bd51c3e9b4e65b016ad3516aa7344e95be81daf5
                                            • Instruction Fuzzy Hash: FE015732D04108EBDF21AFA1D944AAE7A71AF00344F50813BF901B51E1C7B94A41DB9A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CloseHandle.KERNEL32(FFFFFFFF,?,004034A8,00000020), ref: 00403694
                                            • CloseHandle.KERNEL32(FFFFFFFF,?,004034A8,00000020), ref: 004036A8
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nsuD628.tmp\, xrefs: 004036B8
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID: C:\Users\user\AppData\Local\Temp\nsuD628.tmp\
                                            • API String ID: 2962429428-3991604328
                                            • Opcode ID: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                            • Instruction ID: 6f4d9dd272cb95b797c111a20fa7c26f62e8c5ece9492243f8cf05df49bab05b
                                            • Opcode Fuzzy Hash: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                            • Instruction Fuzzy Hash: ABE08C30900610A6C630AF7CAE899453B1C9B423357604B22F138F26F2C3386E865AED
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\Temp\nsuD628.tmpb,?), ref: 00401E24
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nsuD628.tmpb, xrefs: 00401E0F
                                            Similarity
                                            • API ID: ExecuteShell
                                            • String ID: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb
                                            • API String ID: 587946157-747246019
                                            • Opcode ID: e02f8f3a54ae358d47c27194f9c5de782f41d36ecc6122ee1cdbe1d37ed7f47d
                                            • Instruction ID: dd0caf2784fa87ae8b8dd59e11ca598bc67483de7d87b2d931aa021d0b46d9f1
                                            • Opcode Fuzzy Hash: e02f8f3a54ae358d47c27194f9c5de782f41d36ecc6122ee1cdbe1d37ed7f47d
                                            • Instruction Fuzzy Hash: 25F0FC36B141006FDB12ABF59D4AEDE2664DB44714F20053BF410F71C1D9FD88419758
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                              • Part of subcall function 00402B33: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B5B
                                            • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000033), ref: 00402412
                                            • RegCloseKey.ADVAPI32(?,?,?,0040A430,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024B0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID:
                                            • API String ID: 3677997916-0
                                            • Opcode ID: 8c9ef74b83a53c1e5ad15650b3610dbb25092b42a318ca396940332c0bfe44df
                                            • Instruction ID: eec17d55527eee659ffcb33b78a23fdcdc882f8d8c7e2713df73d2ce53f6e541
                                            • Opcode Fuzzy Hash: 8c9ef74b83a53c1e5ad15650b3610dbb25092b42a318ca396940332c0bfe44df
                                            • Instruction Fuzzy Hash: 5E11C131D05205EFDB21DF64C6888AF7BB4EF00344B21807FE141B72C0D6B88A45DB5A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                            • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: 30934756a0793c83c2b001940d4c79d4960e2fdff1a76ece8e6b442f6a1bea9c
                                            • Instruction ID: 5931363a71a74a292c3a2775432474c25d5e7ccd14c54af781ff2abfa9b25a8c
                                            • Opcode Fuzzy Hash: 30934756a0793c83c2b001940d4c79d4960e2fdff1a76ece8e6b442f6a1bea9c
                                            • Instruction Fuzzy Hash: EC014471B24210ABEB281B389C04B2A32A8E710719F10813BF901F62F1D638DC028B4D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetModuleHandleA.KERNEL32(?,?,?,004032D6,0000000D), ref: 004060C3
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                              • Part of subcall function 00406043: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040605A
                                              • Part of subcall function 00406043: wsprintfA.USER32 ref: 00406093
                                              • Part of subcall function 00406043: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004060A7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                            • String ID:
                                            • API String ID: 2547128583-0
                                            • Opcode ID: 62fccafea54e634e599a9161e1c1cefa8bb4f2fd215621dc62c81c5ca262e862
                                            • Instruction ID: 61e6f36f06c12f19f17a16d91a4a12b49fa39bc6deddc5c9f3ec726615848044
                                            • Opcode Fuzzy Hash: 62fccafea54e634e599a9161e1c1cefa8bb4f2fd215621dc62c81c5ca262e862
                                            • Instruction Fuzzy Hash: 1EE0C232A48120BBD630DB71AD0497B72AC9F8C7503024C7EF956F6181D738EC219769
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetFileAttributesA.KERNELBASE(00000003,00402CE8,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,80000000,00000003), ref: 004059FC
                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A1E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: File$AttributesCreate
                                            • String ID:
                                            • API String ID: 415043291-0
                                            • Opcode ID: c04a671e1d0aeebb75a90218c505478b62e23a7d0cf6ebbd9f64de51765d29e7
                                            • Instruction ID: 9ebb41c6164f6193b48f12100262a9f13d4f8789d70c6181de7ffe401b8a7c85
                                            • Opcode Fuzzy Hash: c04a671e1d0aeebb75a90218c505478b62e23a7d0cf6ebbd9f64de51765d29e7
                                            • Instruction Fuzzy Hash: BBD09E31658301AFEF098F20DD1AF2E7BA2EB84B00F10962CB686D40E0D6755859DB16
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateDirectoryA.KERNELBASE(?,00000000,0040325F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405552
                                            • GetLastError.KERNEL32 ref: 00405560
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID:
                                            • API String ID: 1375471231-0
                                            • Opcode ID: d8dd424ede50ccfac4b7523ad15fca3fe61b3a2743ebd4ec855a49df1000c641
                                            • Instruction ID: bb31ad172352d335768c2ff49b02b9b5434d74c00763d62282009aed5056ae3c
                                            • Opcode Fuzzy Hash: d8dd424ede50ccfac4b7523ad15fca3fe61b3a2743ebd4ec855a49df1000c641
                                            • Instruction Fuzzy Hash: 4DC04C70A18642FAD6109B30DE097177951AB50781F14C5366106E21F4D634A411D93E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetFileAttributesA.KERNELBASE(?,004057E4,?,?,?), ref: 004059DD
                                            • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004059EF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                            • Instruction ID: e03384119d56273c22eb03b109787e3f503748793daec3c00e4ae97557ed026f
                                            • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                            • Instruction Fuzzy Hash: D5C04CB1C08501EBE6015B34EF0DC1F7B66EB51321B118B35F169A01F0C7315C66EA2A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040228F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: PrivateProfileStringWrite
                                            • String ID:
                                            • API String ID: 390214022-0
                                            • Opcode ID: a6fb44e22c99690681a4c0f0a456a573356708da06a63945caf7a9ecc8b2ba8b
                                            • Instruction ID: 9a3f353abb9854a2dcf36a290de64e4b7c73f2819bc6a6c51ab45a3fdf735c55
                                            • Opcode Fuzzy Hash: a6fb44e22c99690681a4c0f0a456a573356708da06a63945caf7a9ecc8b2ba8b
                                            • Instruction Fuzzy Hash: 81E0D831B00012ABD72136F25E8DC7F10985B44704F34013FB501762C1CCB80C4549A9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B5B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: 25436d7f43efcdaee1252335ee02ab59e58b447018d328d8d574bf9b9a61a639
                                            • Instruction ID: bce940b12367652e57fbd01b98abbbfad79380e3dfc8a7d97a8e28f4dcd000f3
                                            • Opcode Fuzzy Hash: 25436d7f43efcdaee1252335ee02ab59e58b447018d328d8d574bf9b9a61a639
                                            • Instruction Fuzzy Hash: 6FE0E676654108BFD710DFA9ED47FD577ECE748714F008421B609E70D1C674E5548B58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00413100,0040B100,004030F7,00413100,00004000,?,00000000,?,00402F81,00000004,00000000,00000000), ref: 00403209
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                            • Instruction ID: f236afdc7bd027da76b6f2b7c49482001c868e6342bcbecd04d3475a457c6b66
                                            • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                            • Instruction Fuzzy Hash: 62E08631140118BBCF205E919E00EA73B5CDB55762F008076BA14E6590D130DE119FA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402ED0,0000BBE4), ref: 00403232
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                            • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                            • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                            • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetDlgItem.USER32(?,000003F9), ref: 00404973
                                            • GetDlgItem.USER32(?,00000408), ref: 00404980
                                            • GlobalAlloc.KERNEL32(00000040,00000001), ref: 004049CC
                                            • LoadBitmapA.USER32(0000006E), ref: 004049DF
                                            • SetWindowLongA.USER32(?,000000FC,00404F5D), ref: 004049F9
                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A0D
                                            • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A21
                                            • SendMessageA.USER32(?,00001109,00000002), ref: 00404A36
                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A42
                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A54
                                            • DeleteObject.GDI32(?), ref: 00404A59
                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A84
                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A90
                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B25
                                            • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B50
                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B64
                                            • GetWindowLongA.USER32(?,000000F0), ref: 00404B93
                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404BA1
                                            • ShowWindow.USER32(?,00000005), ref: 00404BB2
                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404CB5
                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404D1A
                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D2F
                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D53
                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D79
                                            • ImageList_Destroy.COMCTL32(?), ref: 00404D8E
                                            • GlobalFree.KERNEL32(?), ref: 00404D9E
                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404E0E
                                            • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404EB7
                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EC6
                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EE6
                                            • ShowWindow.USER32(?,00000000), ref: 00404F34
                                            • GetDlgItem.USER32(?,000003FE), ref: 00404F3F
                                            • ShowWindow.USER32(00000000), ref: 00404F46
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                            • String ID: $1+Y$M$N
                                            • API String ID: 1638840714-2015799235
                                            • Opcode ID: b0bd4dabe16d15d767d52dad1569a2d65584ce418d6990713ffb8b3392ba2db6
                                            • Instruction ID: ae97c3f605f16a0640dfc1483a461aab2d2b935ca1618c0c324a23376ce0751d
                                            • Opcode Fuzzy Hash: b0bd4dabe16d15d767d52dad1569a2d65584ce418d6990713ffb8b3392ba2db6
                                            • Instruction Fuzzy Hash: AB02AFB0E00209AFDB24DF54DC45AAE7BB5FB84315F10817AF610BA2E1D7799A81CF58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetDlgItem.USER32(?,00000403), ref: 004051AA
                                            • GetDlgItem.USER32(?,000003EE), ref: 004051B9
                                            • GetClientRect.USER32(?,?), ref: 004051F6
                                            • GetSystemMetrics.USER32(00000015), ref: 004051FE
                                            • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040521F
                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405230
                                            • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00405243
                                            • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405251
                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405264
                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405286
                                            • ShowWindow.USER32(?,00000008), ref: 0040529A
                                            • GetDlgItem.USER32(?,000003EC), ref: 004052BB
                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004052CB
                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052E4
                                            • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004052F0
                                            • GetDlgItem.USER32(?,000003F8), ref: 004051C8
                                              • Part of subcall function 00404012: SendMessageA.USER32(00000028,?,00000001,00403E43), ref: 00404020
                                            • GetDlgItem.USER32(?,000003EC), ref: 0040530D
                                            • CreateThread.KERNEL32(00000000,00000000,Function_000050DF,00000000), ref: 0040531B
                                            • CloseHandle.KERNEL32(00000000), ref: 00405322
                                            • ShowWindow.USER32(00000000), ref: 00405346
                                            • ShowWindow.USER32(00000000,00000008), ref: 0040534B
                                            • ShowWindow.USER32(00000008), ref: 00405392
                                            • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 004053C4
                                            • CreatePopupMenu.USER32 ref: 004053D5
                                            • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004053EA
                                            • GetWindowRect.USER32(00000000,?), ref: 004053FD
                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405421
                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040545C
                                            • OpenClipboard.USER32(00000000), ref: 0040546C
                                            • EmptyClipboard.USER32 ref: 00405472
                                            • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 0040547B
                                            • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405485
                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405499
                                            • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004054B1
                                            • SetClipboardData.USER32(00000001,00000000), ref: 004054BC
                                            • CloseClipboard.USER32 ref: 004054C2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                            • String ID: {
                                            • API String ID: 590372296-366298937
                                            • Opcode ID: 95fa9e90fcfb87a3e7f718710084bc6a5f37a75f2b83fa3969b1f4d013340207
                                            • Instruction ID: 8b10a5a65f56e4f2eee133407a8d48cd980a9719ceff292be100e44144a2fafa
                                            • Opcode Fuzzy Hash: 95fa9e90fcfb87a3e7f718710084bc6a5f37a75f2b83fa3969b1f4d013340207
                                            • Instruction Fuzzy Hash: E8A14AB0900208BFDB119F60DD89AAE7F79FB48355F00817AFA05BA1E0C7795A41DF69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetDlgItem.USER32(?,000003FB), ref: 0040446A
                                            • SetWindowTextA.USER32(00000000,?), ref: 00404494
                                            • SHBrowseForFolderA.SHELL32(?,0041F930,?), ref: 00404545
                                            • CoTaskMemFree.OLE32(00000000), ref: 00404550
                                            • lstrcmpiA.KERNEL32(00422F00,00420560), ref: 00404582
                                            • lstrcatA.KERNEL32(?,00422F00), ref: 0040458E
                                            • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004045A0
                                              • Part of subcall function 004055C6: GetDlgItemTextA.USER32(?,?,00000400,004045D7), ref: 004055D9
                                              • Part of subcall function 00405F83: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403247,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405FDB
                                              • Part of subcall function 00405F83: CharNextA.USER32(?,?,?,00000000), ref: 00405FE8
                                              • Part of subcall function 00405F83: CharNextA.USER32(?,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403247,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405FED
                                              • Part of subcall function 00405F83: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403247,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405FFD
                                            • GetDiskFreeSpaceA.KERNEL32(0041F528,?,?,0000040F,?,0041F528,0041F528,?,00000001,0041F528,?,?,000003FB,?), ref: 0040465E
                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404679
                                              • Part of subcall function 004047D2: lstrlenA.KERNEL32(00420560,00420560,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046ED,000000DF,00000000,00000400,?), ref: 00404870
                                              • Part of subcall function 004047D2: wsprintfA.USER32 ref: 00404878
                                              • Part of subcall function 004047D2: SetDlgItemTextA.USER32(?,00420560), ref: 0040488B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: 1+Y$A
                                            • API String ID: 2624150263-3188640651
                                            • Opcode ID: 2791ad8dea462f80c286cb0a2043f5be7db1b570cc0520d18a76fefdea87e34a
                                            • Instruction ID: 48bb3cce73704eaffcfea5203d7d837f8ca6d65b6ef74f226942c2085550837f
                                            • Opcode Fuzzy Hash: 2791ad8dea462f80c286cb0a2043f5be7db1b570cc0520d18a76fefdea87e34a
                                            • Instruction Fuzzy Hash: 42A15DB1D00208ABDB11AFA5CC85AAF77B8EF85315F10843BF601B62D1D77C9A418F69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409428,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nsuD628.tmpb, xrefs: 004020DE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: ByteCharCreateInstanceMultiWide
                                            • String ID: C:\Users\user\AppData\Local\Temp\nsuD628.tmpb
                                            • API String ID: 123533781-747246019
                                            • Opcode ID: f904c9ffbb7a6f595784fae2eb367157c76d10f3a9eae397553d623482a071a5
                                            • Instruction ID: e9754819ae81e0cb1bc71d9587b969dd774b7bf2d1a2d1947b358dcbb6cfb0da
                                            • Opcode Fuzzy Hash: f904c9ffbb7a6f595784fae2eb367157c76d10f3a9eae397553d623482a071a5
                                            • Instruction Fuzzy Hash: B8416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: FileFindFirst
                                            • String ID:
                                            • API String ID: 1974802433-0
                                            • Opcode ID: f2c5339bced567ca154ab0f3a791c5207ccacad3cb83725fdd8846f5bf693d17
                                            • Instruction ID: 242cb030c39592308c7bf63f5fbd6b939de1845bbe0a7c03f578bde05567ad70
                                            • Opcode Fuzzy Hash: f2c5339bced567ca154ab0f3a791c5207ccacad3cb83725fdd8846f5bf693d17
                                            • Instruction Fuzzy Hash: D4F03072A081149FE711EBA4AA499EEB7689B21318F6045BFE101B21C1D6B84945DA2A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B46
                                            • ShowWindow.USER32(?), ref: 00403B63
                                            • DestroyWindow.USER32 ref: 00403B77
                                            • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403B93
                                            • GetDlgItem.USER32(?,?), ref: 00403BB4
                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BC8
                                            • IsWindowEnabled.USER32(00000000), ref: 00403BCF
                                            • GetDlgItem.USER32(?,00000001), ref: 00403C7D
                                            • GetDlgItem.USER32(?,00000002), ref: 00403C87
                                            • SetClassLongA.USER32(?,000000F2,?), ref: 00403CA1
                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403CF2
                                            • GetDlgItem.USER32(?,00000003), ref: 00403D98
                                            • ShowWindow.USER32(00000000,?), ref: 00403DB9
                                            • EnableWindow.USER32(?,?), ref: 00403DCB
                                            • EnableWindow.USER32(?,?), ref: 00403DE6
                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DFC
                                            • EnableMenuItem.USER32(00000000), ref: 00403E03
                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E1B
                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E2E
                                            • lstrlenA.KERNEL32(00420560,?,00420560,bomgar Setup), ref: 00403E57
                                            • SetWindowTextA.USER32(?,00420560), ref: 00403E66
                                            • ShowWindow.USER32(?,0000000A), ref: 00403F9A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                            • String ID: bomgar Setup
                                            • API String ID: 184305955-577757075
                                            • Opcode ID: 000b5dbeb4c2b98244275717ffa9cd53a5c1bf35524835951ae7e6536ac0d9a1
                                            • Instruction ID: 21cdcfa054529a6332085a49bf2d0e3de6afe56a2cab6be2f8dcd8ff6ad7b826
                                            • Opcode Fuzzy Hash: 000b5dbeb4c2b98244275717ffa9cd53a5c1bf35524835951ae7e6536ac0d9a1
                                            • Instruction Fuzzy Hash: B3C1C2B1A04205BBDB206F61ED84E2A7EBCEB45706F40453EF601B51E1C73DAA42DB1E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004041B0
                                            • GetDlgItem.USER32(00000000,000003E8), ref: 004041C4
                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041E2
                                            • GetSysColor.USER32(?), ref: 004041F3
                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404202
                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404211
                                            • lstrlenA.KERNEL32(?), ref: 0040421B
                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404229
                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404238
                                            • GetDlgItem.USER32(?,0000040A), ref: 0040429B
                                            • SendMessageA.USER32(00000000), ref: 0040429E
                                            • GetDlgItem.USER32(?,000003E8), ref: 004042C9
                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404309
                                            • LoadCursorA.USER32(00000000,00007F02), ref: 00404318
                                            • SetCursor.USER32(00000000), ref: 00404321
                                            • ShellExecuteA.SHELL32(0000070B,open,00422F00,00000000,00000000,00000001), ref: 00404334
                                            • LoadCursorA.USER32(00000000,00007F00), ref: 00404341
                                            • SetCursor.USER32(00000000), ref: 00404344
                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404370
                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404384
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                            • String ID: 1+Y$N$open
                                            • API String ID: 3615053054-2443433484
                                            • Opcode ID: cfe563d326ff3ba14c66d80978035dbfe565040b396583b94be917550c41f086
                                            • Instruction ID: 0a865c3cb8c2124e851a098ba0e8469cc50853ebf98a65a9226f8cdf65e02af0
                                            • Opcode Fuzzy Hash: cfe563d326ff3ba14c66d80978035dbfe565040b396583b94be917550c41f086
                                            • Instruction Fuzzy Hash: D761B1B1A40309BBEB109F60DD45B6A3B79FF44715F10813AFB04BA2D1C7B8A9518F98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                            • BeginPaint.USER32(?,?), ref: 00401047
                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                            • DeleteObject.GDI32(?), ref: 004010ED
                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                            • SetTextColor.GDI32(00000000,?), ref: 00401130
                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                            • DrawTextA.USER32(00000000,bomgar Setup,000000FF,00000010,00000820), ref: 00401156
                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                            • DeleteObject.GDI32(?), ref: 00401165
                                            • EndPaint.USER32(?,?), ref: 0040116E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                            • String ID: F$bomgar Setup
                                            • API String ID: 941294808-1119747359
                                            • Opcode ID: 59b821e6c137a525aa64b30f0b2685f18586402458ca5fab725dcceebc24e4a4
                                            • Instruction ID: c2d7682021baf72a2ddeb33d84777ad4cfe3684fd871b91b1e17a7b28e7720f4
                                            • Opcode Fuzzy Hash: 59b821e6c137a525aa64b30f0b2685f18586402458ca5fab725dcceebc24e4a4
                                            • Instruction Fuzzy Hash: 33419C71804249AFCF058F94DD459AF7BB9FF44315F00802AF961AA1A0C738AA51DFA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                              • Part of subcall function 004060B1: GetModuleHandleA.KERNEL32(?,?,?,004032D6,0000000D), ref: 004060C3
                                              • Part of subcall function 004060B1: GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,00405804,?,00000000,000000F1,?), ref: 00405ABC
                                            • GetShortPathNameA.KERNEL32(?,004226F0,00000400), ref: 00405AC5
                                            • GetShortPathNameA.KERNEL32(00000000,00422168,00000400), ref: 00405AE2
                                            • wsprintfA.USER32 ref: 00405B00
                                            • GetFileSize.KERNEL32(00000000,00000000,00422168,C0000000,00000004,00422168,?,?,?,00000000,000000F1,?), ref: 00405B3B
                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405B4A
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405B60
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D68,00000000,-0000000A,00409404,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405BA6
                                            • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405BB8
                                            • GlobalFree.KERNEL32(00000000), ref: 00405BBF
                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405BC6
                                              • Part of subcall function 0040596D: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B7B,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405974
                                              • Part of subcall function 0040596D: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B7B,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059A4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                            • String ID: %s=%s$[Rename]$h!B
                                            • API String ID: 3445103937-3667019433
                                            • Opcode ID: 12e87847c6284bd2fdb48ab2c69a62e8b8c1ff5751eac493d0467ed368a19aa4
                                            • Instruction ID: 3dbfeedc99372dc7f19ce49d65069b269cc9926a5cb952b820f8cb71675d1d7f
                                            • Opcode Fuzzy Hash: 12e87847c6284bd2fdb48ab2c69a62e8b8c1ff5751eac493d0467ed368a19aa4
                                            • Instruction Fuzzy Hash: 90410231604B16BBD7206B61AD49F6B3A6CEF51714F140036F905F62D2E67CB8018EBE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetVersion.KERNEL32(?,0041FD38,00000000,00405045,0041FD38,00000000), ref: 00405DEB
                                            • GetSystemDirectoryA.KERNEL32(00422F00,00000400), ref: 00405E66
                                            • GetWindowsDirectoryA.KERNEL32(00422F00,00000400), ref: 00405E79
                                            • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405EB5
                                            • SHGetPathFromIDListA.SHELL32(00000000,00422F00), ref: 00405EC3
                                            • CoTaskMemFree.OLE32(00000000), ref: 00405ECE
                                            • lstrcatA.KERNEL32(00422F00,\Microsoft\Internet Explorer\Quick Launch), ref: 00405EF0
                                            • lstrlenA.KERNEL32(00422F00,?,0041FD38,00000000,00405045,0041FD38,00000000), ref: 00405F42
                                            Strings
                                            • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405EEA
                                            • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405E35
                                            • 1+Y, xrefs: 00405D50
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                            • String ID: 1+Y$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                            • API String ID: 900638850-3711799298
                                            • Opcode ID: fd07a64e2c917fdc88e9936cc3aa0f2263febcc8273ce54f5cef6c28eedaa4c1
                                            • Instruction ID: 5fd1599bd7efd41a22e55eb6e120d9a00df5406576cc1d99237e5ca3e2289fb3
                                            • Opcode Fuzzy Hash: fd07a64e2c917fdc88e9936cc3aa0f2263febcc8273ce54f5cef6c28eedaa4c1
                                            • Instruction Fuzzy Hash: DB512431A04A05ABDB209B68DC88B7B7B74DB15714F24813BE551B62D0D73C4A42DF9E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403247,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405FDB
                                            • CharNextA.USER32(?,?,?,00000000), ref: 00405FE8
                                            • CharNextA.USER32(?,"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403247,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405FED
                                            • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403247,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405FFD
                                            Strings
                                            • "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe", xrefs: 00405FBF
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F84, 00405F89
                                            • *?|<>/":, xrefs: 00405FCB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Char$Next$Prev
                                            • String ID: "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 589700163-1780158226
                                            • Opcode ID: add5774134fefb6b4a968e5ffda14362b3630782001e33bdd13cec8e60841bb7
                                            • Instruction ID: 9f2a3a4df015fa59cf41b0daae3ef97081ed0a86dbe5a0510004d2f95aed5279
                                            • Opcode Fuzzy Hash: add5774134fefb6b4a968e5ffda14362b3630782001e33bdd13cec8e60841bb7
                                            • Instruction Fuzzy Hash: 5F11B651809B9219FB3216284C44B776F888F567A0F18407BE9D5722C2D67C5C429B6E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetWindowLongA.USER32(?,000000EB), ref: 00404061
                                            • GetSysColor.USER32(00000000), ref: 0040407D
                                            • SetTextColor.GDI32(?,00000000), ref: 00404089
                                            • SetBkMode.GDI32(?,?), ref: 00404095
                                            • GetSysColor.USER32(?), ref: 004040A8
                                            • SetBkColor.GDI32(?,?), ref: 004040B8
                                            • DeleteObject.GDI32(?), ref: 004040D2
                                            • CreateBrushIndirect.GDI32(?), ref: 004040DC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                            • String ID:
                                            • API String ID: 2320649405-0
                                            • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                            • Instruction ID: 2914f9829034675b01231dc7e1e32a1071ec540479d11dee030422eaafcba77e
                                            • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                            • Instruction Fuzzy Hash: CC2184B1904704ABC7319F78DD08B4B7BF8AF40714F048A29EA91F22E0C738E904CB55
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GlobalAlloc.KERNEL32(00000040,0000BC00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                            • GlobalFree.KERNEL32(?), ref: 00402758
                                            • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                            • GlobalFree.KERNEL32(00000000), ref: 00402771
                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                            • String ID:
                                            • API String ID: 3294113728-0
                                            • Opcode ID: c8ff276278c23f5d036e86294f4ca091a821c163f41ef92036efe06380061b50
                                            • Instruction ID: 48b0395cb5a769e9fe4f529c4b1b326bebce251612e84c62e49e5f7c190c2653
                                            • Opcode Fuzzy Hash: c8ff276278c23f5d036e86294f4ca091a821c163f41ef92036efe06380061b50
                                            • Instruction Fuzzy Hash: DD31AF71C00128BBCF116FA5DE49DAE7A79EF05364F10423AF910762E0C6794D019B99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • lstrlenA.KERNEL32(0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000,?), ref: 00405046
                                            • lstrlenA.KERNEL32(00402C7D,0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000), ref: 00405056
                                            • lstrcatA.KERNEL32(0041FD38,00402C7D,00402C7D,0041FD38,00000000,00000000,00000000), ref: 00405069
                                            • SetWindowTextA.USER32(0041FD38,0041FD38), ref: 0040507B
                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050A1
                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050BB
                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 004050C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                            • String ID:
                                            • API String ID: 2531174081-0
                                            • Opcode ID: 036238193e899a7d515c18505b4ab650d459eef2e6955256735799677bfaef3e
                                            • Instruction ID: bb900c589dfe28ee6fcc6574dbd03cff3b9553347880f9de4956e2f10f592daa
                                            • Opcode Fuzzy Hash: 036238193e899a7d515c18505b4ab650d459eef2e6955256735799677bfaef3e
                                            • Instruction Fuzzy Hash: 0B219DB2900508BBCF119FA5CD859DFBFB9EF05354F14803AF504B6290C3398A819FA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • DestroyWindow.USER32(00000000,00000000), ref: 00402C1E
                                            • GetTickCount.KERNEL32 ref: 00402C3C
                                            • wsprintfA.USER32 ref: 00402C6A
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000,?), ref: 00405046
                                              • Part of subcall function 0040500D: lstrlenA.KERNEL32(00402C7D,0041FD38,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C7D,00000000), ref: 00405056
                                              • Part of subcall function 0040500D: lstrcatA.KERNEL32(0041FD38,00402C7D,00402C7D,0041FD38,00000000,00000000,00000000), ref: 00405069
                                              • Part of subcall function 0040500D: SetWindowTextA.USER32(0041FD38,0041FD38), ref: 0040507B
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050A1
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050BB
                                              • Part of subcall function 0040500D: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050C9
                                            • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C8E
                                            • ShowWindow.USER32(00000000,00000005), ref: 00402C9C
                                              • Part of subcall function 00402BEA: MulDiv.KERNEL32(00000000,00000064,0000FE63), ref: 00402BFF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                            • String ID: ... %d%%
                                            • API String ID: 722711167-2449383134
                                            • Opcode ID: a4c11f7828c05b1f2648dcea637720e4bee283c0b30f9b9cc4addcf8f3bacaaa
                                            • Instruction ID: fec8eda0acaaa38f2dbc4805c85c75f457fa4e7a2d458fdc0aedac4268e70dc6
                                            • Opcode Fuzzy Hash: a4c11f7828c05b1f2648dcea637720e4bee283c0b30f9b9cc4addcf8f3bacaaa
                                            • Instruction Fuzzy Hash: 22015E30909224BBD6226F61AF0DA9E7778AB15705B14807BF401F12E1D6BC9941CF9E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004048F7
                                            • GetMessagePos.USER32 ref: 004048FF
                                            • ScreenToClient.USER32(?,?), ref: 00404919
                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 0040492B
                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404951
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Message$Send$ClientScreen
                                            • String ID: f
                                            • API String ID: 41195575-1993550816
                                            • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                            • Instruction ID: 1090f3cf8dd5ddc0d7682c0fd99123561da08f9dbf3ff8677cc11afcddd40771
                                            • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                            • Instruction Fuzzy Hash: 21019E71D00219BADB00DBA4CC81BFFBBBCAB49711F10012BBB10B62D0C3B4A9018BA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                            • wsprintfA.USER32 ref: 00402BBD
                                            • SetWindowTextA.USER32(?,?), ref: 00402BCD
                                            • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Text$ItemTimerWindowwsprintf
                                            • String ID: unpacking data: %d%%$verifying installer: %d%%
                                            • API String ID: 1451636040-1158693248
                                            • Opcode ID: 4983a2c16c870c96535b8754f53a3967a3dfbc709247a605f035b1a11c97a60d
                                            • Instruction ID: 94db493191afd86370f4f1b5c765ff711fe23b6354a2f96364a163d8e2e23a0e
                                            • Opcode Fuzzy Hash: 4983a2c16c870c96535b8754f53a3967a3dfbc709247a605f035b1a11c97a60d
                                            • Instruction Fuzzy Hash: 89F0127090420DEAEF205F50DD0AFAE3779EB00345F00807AF605A51D1D7B899559B99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SetWindowTextA.USER32(00000000,bomgar Setup), ref: 00403AD5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: TextWindow
                                            • String ID: "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"$1+Y$1033$bomgar Setup
                                            • API String ID: 530164218-892845789
                                            • Opcode ID: 80e4a7a490d0c1e8a67c7ac27d5336d25d1182aef62f2d3f67d5d984b97e4773
                                            • Instruction ID: a863bc82cce6da43c105b99400ba016444acb35cd5abaae2944d851e729b17e4
                                            • Opcode Fuzzy Hash: 80e4a7a490d0c1e8a67c7ac27d5336d25d1182aef62f2d3f67d5d984b97e4773
                                            • Instruction Fuzzy Hash: DA11AE71B046119BC734DF15EC80A377BBCEB85716369813FE841AB3A1D73D9A428E98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A8A
                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                            • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                            • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Close$DeleteEnumOpen
                                            • String ID:
                                            • API String ID: 1912718029-0
                                            • Opcode ID: 4ef6cb6ab3a6900faea0c6e676d2a8bb036ded279a8d5508a023aa86b3fa6db4
                                            • Instruction ID: ce146f3739711a0937301366c835e0201cdb86e379d320d352092a7933602af8
                                            • Opcode Fuzzy Hash: 4ef6cb6ab3a6900faea0c6e676d2a8bb036ded279a8d5508a023aa86b3fa6db4
                                            • Instruction Fuzzy Hash: B8114C71600009FFDF219F90DE88EAA3B79FB44344B104076FA09B11A0DBB89E51BF69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetDlgItem.USER32(?), ref: 00401CE2
                                            • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                            • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                            • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                            • DeleteObject.GDI32(00000000), ref: 00401D2D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                            • String ID:
                                            • API String ID: 1849352358-0
                                            • Opcode ID: 9de43c19b512b3abd1d95c3faeca4dfb868924179ed6644d2db64f4c21fe3042
                                            • Instruction ID: 7545412317e5a622a36c1de8dc0c8cf6fdea09e5fcf29a6b2b772780282cc518
                                            • Opcode Fuzzy Hash: 9de43c19b512b3abd1d95c3faeca4dfb868924179ed6644d2db64f4c21fe3042
                                            • Instruction Fuzzy Hash: 24F0EC72A04118AFD701EBA4DE88DAFB77CEB44305B14443AF501F6190C7749D019B79
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CharNextA.USER32(ZV@,?,C:\,00000000,0040590C,C:\,C:\,?,?,74DF2EE0,0040565A,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004058B6
                                            • CharNextA.USER32(00000000), ref: 004058BB
                                            • CharNextA.USER32(00000000), ref: 004058CA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CharNext
                                            • String ID: C:\$ZV@
                                            • API String ID: 3213498283-1691066070
                                            • Opcode ID: 821b75fc0c0bf8a8a2143e6ed4d527e8d42290358c57660450d09f70a8aefd19
                                            • Instruction ID: 063860c29e31d65c79f24e623bff846ba91aae2f580280d99724469f52e8141f
                                            • Opcode Fuzzy Hash: 821b75fc0c0bf8a8a2143e6ed4d527e8d42290358c57660450d09f70a8aefd19
                                            • Instruction Fuzzy Hash: CFF02753D00F201AE72332648C44B6B5BBCDB55320F108037EA01B61D086BC4CA2DFEA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • lstrlenA.KERNEL32(00420560,00420560,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046ED,000000DF,00000000,00000400,?), ref: 00404870
                                            • wsprintfA.USER32 ref: 00404878
                                            • SetDlgItemTextA.USER32(?,00420560), ref: 0040488B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: ItemTextlstrlenwsprintf
                                            • String ID: %u.%u%s%s
                                            • API String ID: 3540041739-3551169577
                                            • Opcode ID: 8d6e150cdcc48afa662126c740e8ccfc3dec63ab2e60e5059842ceaae5843276
                                            • Instruction ID: 53c00d661ace721318b882c44888961330737a074d7cba72e9b637c7bd05820c
                                            • Opcode Fuzzy Hash: 8d6e150cdcc48afa662126c740e8ccfc3dec63ab2e60e5059842ceaae5843276
                                            • Instruction Fuzzy Hash: 22110A73A041283BDB00666D9C45EAF3298DF81374F254637FA25F71D1E978CD5245E8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$Timeout
                                            • String ID: !
                                            • API String ID: 1777923405-2657877971
                                            • Opcode ID: 24ace4260923f7930d55986795597da3e3352855fda5fc3cce20b9e2bb91e3b1
                                            • Instruction ID: 6f3ad55554716f4764f449d0f51e3e69756ad77e3199b43e2e9e20fcf65f7e76
                                            • Opcode Fuzzy Hash: 24ace4260923f7930d55986795597da3e3352855fda5fc3cce20b9e2bb91e3b1
                                            • Instruction Fuzzy Hash: AB21A171A44149BEEF02AFF4C94AAEE7B75DF44704F10407EF501BA1D1DAB88A40DB29
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403259,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 0040581A
                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403259,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004033FA), ref: 00405823
                                            • lstrcatA.KERNEL32(?,00409010), ref: 00405834
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405814
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CharPrevlstrcatlstrlen
                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 2659869361-3081826266
                                            • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                            • Instruction ID: b953d73acdc671ec3db8de66b297c780ebd6c374375e4439b4f8447d0c7ade09
                                            • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                            • Instruction Fuzzy Hash: BFD0A9B2605E302AD3023A158C09E8B2A08CF12340B048833F500B2292C27C1D828FFE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402374
                                            • lstrlenA.KERNEL32(0040A430,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402394
                                            • RegSetValueExA.ADVAPI32(?,?,?,?,0040A430,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CD
                                            • RegCloseKey.ADVAPI32(?,?,?,0040A430,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024B0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseCreateValuelstrlen
                                            • String ID:
                                            • API String ID: 1356686001-0
                                            • Opcode ID: 647d243f0ae3265cffea33b96c103a77df0dfcccfeac8675efc699e49bacd0c5
                                            • Instruction ID: 44695dca3a1182933c58053e09f43f066e709c2f42d88b2b2e5d48b74d539a92
                                            • Opcode Fuzzy Hash: 647d243f0ae3265cffea33b96c103a77df0dfcccfeac8675efc699e49bacd0c5
                                            • Instruction Fuzzy Hash: 7511A271E00208BEEB10EFA5DE89EAF7A78EB40758F10443AF505B31D1C6B85D419A69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetDC.USER32(?), ref: 00401D3F
                                            • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                            • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                            • CreateFontIndirectA.GDI32(0040B034), ref: 00401DA7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: CapsCreateDeviceFontIndirect
                                            • String ID:
                                            • API String ID: 3272661963-0
                                            • Opcode ID: 270685dac792171dcdf9d51eb1502def5d31926f699fc2ffb5e64ceeb9e89bf9
                                            • Instruction ID: a06a42b7cbeec7a3c97d04816844a15104b4f822d3014d6430bb8d15030f1395
                                            • Opcode Fuzzy Hash: 270685dac792171dcdf9d51eb1502def5d31926f699fc2ffb5e64ceeb9e89bf9
                                            • Instruction Fuzzy Hash: 2DF062B1A49280AFE71167B0AF5EB9B3F64D711705F104876F251BA2E3C7BD04448BAE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 00404F93
                                            • CallWindowProcA.USER32(?,00000200,?,?), ref: 00405001
                                              • Part of subcall function 00404029: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040403B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: Window$CallMessageProcSendVisible
                                            • String ID:
                                            • API String ID: 3748168415-3916222277
                                            • Opcode ID: ec9267180d5be8b7ad78ca72f0bd8fdd7297eee8f2d9814f26ee661216270ee8
                                            • Instruction ID: 1770b4bd89ea23dc0a180c3834dc5fb2733a542034085898de20627c78673f50
                                            • Opcode Fuzzy Hash: ec9267180d5be8b7ad78ca72f0bd8fdd7297eee8f2d9814f26ee661216270ee8
                                            • Instruction Fuzzy Hash: 29116D71600219BBDF219F91DD8499B3769EF44355F00803BFA0879191C37C8D919FA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402D11,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,80000000,00000003), ref: 00405861
                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D11,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe,80000000,00000003), ref: 0040586F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: CharPrevlstrlen
                                            • String ID: C:\Users\user\Desktop
                                            • API String ID: 2709904686-224404859
                                            • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                            • Instruction ID: f61b7ae6bf40e5cc9c35f61cbf45b24ff0c9e96b4372fb0d7c68c414ce192145
                                            • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                            • Instruction Fuzzy Hash: CBD0C7B3409D706EE30362259C04B9F7A88DF16700F098462E541A6191C27C5D518FED
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B7B,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405974
                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040598D
                                            • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 0040599B
                                            • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B7B,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059A4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1685181629.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1685139250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685205422.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685225720.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1685403474.0000000000430000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.jbxd
                                            Similarity
                                            • API ID: lstrlen$CharNextlstrcmpi
                                            • String ID:
                                            • API String ID: 190613189-0
                                            • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                            • Instruction ID: ee619dc5e08c6572947f4b50b2e51bf0bd34e6aeb8c189e9f17c4498373574be
                                            • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                            • Instruction Fuzzy Hash: 15F0A776209D51EFD3029B259C04D6F6B94EF92324B14057AF440F2180D33D99169BBB
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Execution Graph

                                            Execution Coverage:7.6%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:1.5%
                                            Total number of Nodes:871
                                            Total number of Limit Nodes:29
calls 5159->5160 5160->5141 5179 7ff64b5c67d4 5161->5179 5166 7ff64b5c6657 5166->5135 5167 7ff64b5c7788 15 API calls 5170 7ff64b5c6668 5167->5170 5168 7ff64b5c6703 5169 7ff64b5c5bac Concurrency::details::SchedulerProxy::DeleteThis 14 API calls 5168->5169 5169->5166 5170->5168 5197 7ff64b5c690c 5170->5197 5173 7ff64b5c66fe 5174 7ff64b5c5b14 _set_fmode 14 API calls 5173->5174 5174->5168 5175 7ff64b5c6760 5175->5168 5208 7ff64b5c6164 5175->5208 5176 7ff64b5c6723 5176->5175 5177 7ff64b5c5bac Concurrency::details::SchedulerProxy::DeleteThis 14 API calls 5176->5177 5177->5175 5180 7ff64b5c67f7 5179->5180 5181 7ff64b5c6801 5180->5181 5223 7ff64b5c6df8 EnterCriticalSection 5180->5223 5183 7ff64b5c663d 5181->5183 5186 7ff64b5c4e9c 34 API calls 5181->5186 5190 7ff64b5c6320 5183->5190 5188 7ff64b5c688b 5186->5188 5191 7ff64b5c4efc 34 API calls 5190->5191 5192 7ff64b5c6334 5191->5192 5193 7ff64b5c6340 GetOEMCP 5192->5193 5194 7ff64b5c6352 5192->5194 5196 7ff64b5c6367 5193->5196 5195 7ff64b5c6357 GetACP 5194->5195 5194->5196 5195->5196 5196->5166 5196->5167 5198 7ff64b5c6320 36 API calls 5197->5198 5199 7ff64b5c6937 5198->5199 5201 7ff64b5c6974 IsValidCodePage 5199->5201 5205 7ff64b5c69b7 __scrt_fastfail 5199->5205 5200 7ff64b5c2030 _handle_error 8 API calls 5202 7ff64b5c66f7 5200->5202 5203 7ff64b5c6985 5201->5203 5201->5205 5202->5173 5202->5176 5204 7ff64b5c69bc GetCPInfo 5203->5204 5207 7ff64b5c698e __scrt_fastfail 5203->5207 5204->5205 5204->5207 5205->5200 5224 7ff64b5c6430 5207->5224 5295 7ff64b5c6df8 EnterCriticalSection 5208->5295 5225 7ff64b5c646d GetCPInfo 5224->5225 5226 7ff64b5c6563 5224->5226 5225->5226 5231 7ff64b5c6480 5225->5231 5227 7ff64b5c2030 _handle_error 8 API calls 5226->5227 5229 7ff64b5c65fc 5227->5229 5229->5205 5235 7ff64b5c781c 5231->5235 5234 7ff64b5c9538 38 API calls 5234->5226 5236 7ff64b5c4efc 34 API calls 5235->5236 5237 7ff64b5c785e 5236->5237 5238 7ff64b5c6bf8 MultiByteToWideChar 5237->5238 5240 7ff64b5c7894 5238->5240 5239 7ff64b5c789b 5242 
7ff64b5c2030 _handle_error 8 API calls 5239->5242 5240->5239 5241 7ff64b5c7788 15 API calls 5240->5241 5244 7ff64b5c78c0 __scrt_fastfail 5240->5244 5241->5244 5243 7ff64b5c64f7 5242->5243 5250 7ff64b5c9538 5243->5250 5245 7ff64b5c6bf8 MultiByteToWideChar 5244->5245 5246 7ff64b5c7958 5244->5246 5248 7ff64b5c793a 5245->5248 5246->5239 5247 7ff64b5c5bac Concurrency::details::SchedulerProxy::DeleteThis 14 API calls 5246->5247 5247->5239 5248->5246 5249 7ff64b5c793e GetStringTypeW 5248->5249 5249->5246 5251 7ff64b5c4efc 34 API calls 5250->5251 5252 7ff64b5c955d 5251->5252 5255 7ff64b5c9220 5252->5255 5256 7ff64b5c9262 5255->5256 5257 7ff64b5c6bf8 MultiByteToWideChar 5256->5257 5261 7ff64b5c92ac 5257->5261 5258 7ff64b5c94eb 5259 7ff64b5c2030 _handle_error 8 API calls 5258->5259 5260 7ff64b5c652a 5259->5260 5260->5234 5261->5258 5262 7ff64b5c92df 5261->5262 5263 7ff64b5c7788 15 API calls 5261->5263 5264 7ff64b5c6bf8 MultiByteToWideChar 5262->5264 5266 7ff64b5c93e3 5262->5266 5263->5262 5265 7ff64b5c9351 5264->5265 5265->5266 5283 7ff64b5c8170 5265->5283 5266->5258 5268 7ff64b5c5bac Concurrency::details::SchedulerProxy::DeleteThis 14 API calls 5266->5268 5268->5258 5270 7ff64b5c93f2 5272 7ff64b5c7788 15 API calls 5270->5272 5275 7ff64b5c940c 5270->5275 5271 7ff64b5c93a0 5271->5266 5273 7ff64b5c8170 6 API calls 5271->5273 5272->5275 5273->5266 5274 7ff64b5c8170 6 API calls 5277 7ff64b5c948d 5274->5277 5275->5266 5275->5274 5276 7ff64b5c94c2 5276->5266 5278 7ff64b5c5bac Concurrency::details::SchedulerProxy::DeleteThis 14 API calls 5276->5278 5277->5276 5289 7ff64b5c6c54 5277->5289 5278->5266 5284 7ff64b5c7db8 try_get_function 5 API calls 5283->5284 5285 7ff64b5c81ae 5284->5285 5286 7ff64b5c81b3 5285->5286 5292 7ff64b5c824c 5285->5292 5286->5266 5286->5270 5286->5271 5288 7ff64b5c820f LCMapStringW 5288->5286 5291 7ff64b5c6c77 WideCharToMultiByte 5289->5291 5293 7ff64b5c7db8 try_get_function 5 API calls 5292->5293 5294 7ff64b5c827a 5293->5294 5294->5288 4787 7ff64b5c4548 4788 
7ff64b5c45af 4787->4788 4789 7ff64b5c4565 GetModuleHandleW 4787->4789 4802 7ff64b5c4440 4788->4802 4789->4788 4795 7ff64b5c4572 4789->4795 4795->4788 4797 7ff64b5c4650 GetModuleHandleExW 4795->4797 4798 7ff64b5c468d 4797->4798 4799 7ff64b5c4676 GetProcAddress 4797->4799 4800 7ff64b5c469f FreeLibrary 4798->4800 4801 7ff64b5c46a5 4798->4801 4799->4798 4800->4801 4801->4788 4816 7ff64b5c6df8 EnterCriticalSection 4802->4816 4184 7ff64b5c214c 4205 7ff64b5c2494 4184->4205 4187 7ff64b5c2298 4256 7ff64b5c27f4 IsProcessorFeaturePresent 4187->4256 4188 7ff64b5c2168 __scrt_acquire_startup_lock 4190 7ff64b5c22a2 4188->4190 4197 7ff64b5c2186 __scrt_release_startup_lock 4188->4197 4191 7ff64b5c27f4 __scrt_fastfail 7 API calls 4190->4191 4193 7ff64b5c22ad 4191->4193 4192 7ff64b5c21ab 4194 7ff64b5c2231 4213 7ff64b5c2940 4194->4213 4196 7ff64b5c2236 4216 7ff64b5c1cb0 4196->4216 4197->4192 4197->4194 4251 7ff64b5c46e0 4197->4251 4263 7ff64b5c2acc 4205->4263 4208 7ff64b5c2160 4208->4187 4208->4188 4209 7ff64b5c24c3 4265 7ff64b5c4e1c 4209->4265 4214 7ff64b5c2cb0 __scrt_fastfail 4213->4214 4215 7ff64b5c2957 GetStartupInfoW 4214->4215 4215->4196 4308 7ff64b5c1000 InitializeCriticalSection 4216->4308 4219 7ff64b5c1280 12 API calls 4220 7ff64b5c1ce1 EnterCriticalSection GetModuleHandleW CreateWindowExW 4219->4220 4221 7ff64b5c1d62 LeaveCriticalSection 4220->4221 4222 7ff64b5c1d4a GetLastError 4220->4222 4224 7ff64b5c1280 12 API calls 4221->4224 4223 7ff64b5c1280 12 API calls 4222->4223 4225 7ff64b5c1d5e 4223->4225 4226 7ff64b5c1d7f 4224->4226 4225->4221 4227 7ff64b5c1d84 4226->4227 4228 7ff64b5c1d9a GetCommandLineW CommandLineToArgvW 4226->4228 4229 7ff64b5c1280 12 API calls 4227->4229 4230 7ff64b5c1ee6 LocalFree 4228->4230 4236 7ff64b5c1ddf 4228->4236 4231 7ff64b5c1d90 ExitProcess 4229->4231 4232 7ff64b5c1f0f GetStartupInfoW 4230->4232 4233 7ff64b5c1f04 ExitProcess 4230->4233 4235 7ff64b5c1f45 4232->4235 4234 7ff64b5c1df0 lstrcmpW 4234->4236 4333 7ff64b5c1770 4235->4333 4236->4234 4237 
7ff64b5c1ede 4236->4237 4239 7ff64b5c1e16 EnterCriticalSection 4236->4239 4249 7ff64b5c1eb6 EnterCriticalSection LeaveCriticalSection 4236->4249 4237->4230 4241 7ff64b5c1e32 lstrlenW LocalAlloc lstrcpyW LeaveCriticalSection 4239->4241 4242 7ff64b5c1e2c LocalFree 4239->4242 4245 7ff64b5c1320 12 API calls 4241->4245 4242->4241 4243 7ff64b5c1f9a ExitProcess 4244 7ff64b5c1f6a 4246 7ff64b5c1f70 TranslateMessage DispatchMessageW GetMessageW 4244->4246 4247 7ff64b5c1e77 CreateThread 4245->4247 4246->4243 4246->4246 4248 7ff64b5c1e9f GetLastError 4247->4248 4247->4249 4250 7ff64b5c1280 12 API calls 4248->4250 4249->4236 4250->4236 4252 7ff64b5c4704 4251->4252 4253 7ff64b5c4716 4251->4253 4252->4194 4341 7ff64b5c4e68 4253->4341 4257 7ff64b5c2819 __scrt_fastfail 4256->4257 4258 7ff64b5c2838 RtlCaptureContext RtlLookupFunctionEntry 4257->4258 4259 7ff64b5c2861 RtlVirtualUnwind 4258->4259 4260 7ff64b5c289d __scrt_fastfail 4258->4260 4259->4260 4261 7ff64b5c28cf IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 4260->4261 4262 7ff64b5c2921 __scrt_fastfail 4261->4262 4262->4190 4264 7ff64b5c24b6 __scrt_dllmain_crt_thread_attach 4263->4264 4264->4208 4264->4209 4266 7ff64b5c83ec 4265->4266 4267 7ff64b5c24c8 4266->4267 4275 7ff64b5c7400 4266->4275 4267->4208 4269 7ff64b5c3074 4267->4269 4270 7ff64b5c3086 4269->4270 4271 7ff64b5c307c 4269->4271 4270->4208 4287 7ff64b5c32f4 4271->4287 4286 7ff64b5c6df8 EnterCriticalSection 4275->4286 4277 7ff64b5c7410 4278 7ff64b5c6fa8 32 API calls 4277->4278 4279 7ff64b5c7419 4278->4279 4280 7ff64b5c71fc 34 API calls 4279->4280 4285 7ff64b5c7427 4279->4285 4282 7ff64b5c7422 4280->4282 4281 7ff64b5c6e58 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 4283 7ff64b5c7433 4281->4283 4284 7ff64b5c72ec GetStdHandle GetFileType 4282->4284 4283->4266 4284->4285 4285->4281 4288 7ff64b5c3081 4287->4288 4289 7ff64b5c3303 4287->4289 4291 7ff64b5c334c 4288->4291 4295 7ff64b5c3518 4289->4295 4292 7ff64b5c3377 4291->4292 
4293 7ff64b5c337b 4292->4293 4294 7ff64b5c335a DeleteCriticalSection 4292->4294 4293->4270 4294->4292 4299 7ff64b5c3384 4295->4299 4300 7ff64b5c33c7 try_get_function 4299->4300 4306 7ff64b5c349c TlsFree 4299->4306 4301 7ff64b5c33f4 LoadLibraryExW 4300->4301 4302 7ff64b5c348b GetProcAddress 4300->4302 4300->4306 4307 7ff64b5c3437 LoadLibraryExW 4300->4307 4303 7ff64b5c3415 GetLastError 4301->4303 4304 7ff64b5c346b 4301->4304 4302->4306 4303->4300 4304->4302 4305 7ff64b5c3482 FreeLibrary 4304->4305 4305->4302 4307->4300 4307->4304 4309 7ff64b5c1280 12 API calls 4308->4309 4310 7ff64b5c1075 4309->4310 4311 7ff64b5c1083 __scrt_fastfail 4310->4311 4312 7ff64b5c107a EnterCriticalSection 4310->4312 4313 7ff64b5c1094 GetModuleFileNameW lstrlenW CharPrevW 4311->4313 4312->4311 4314 7ff64b5c10dd 4313->4314 4321 7ff64b5c1111 4313->4321 4315 7ff64b5c10e0 lstrcmpW 4314->4315 4317 7ff64b5c10f4 CharPrevW 4315->4317 4315->4321 4316 7ff64b5c1120 wsprintfW 4318 7ff64b5c1320 12 API calls 4316->4318 4317->4315 4317->4321 4319 7ff64b5c114e LoadImageW 4318->4319 4320 7ff64b5c1178 GetLastError 4319->4320 4319->4321 4322 7ff64b5c1280 12 API calls 4320->4322 4321->4316 4323 7ff64b5c1197 GetModuleHandleW LoadCursorW GetSysColorBrush RegisterClassExW 4321->4323 4322->4321 4324 7ff64b5c1216 GetLastError 4323->4324 4325 7ff64b5c122a 4323->4325 4326 7ff64b5c1280 12 API calls 4324->4326 4327 7ff64b5c122f LeaveCriticalSection 4325->4327 4328 7ff64b5c1238 4325->4328 4326->4325 4327->4328 4329 7ff64b5c1280 12 API calls 4328->4329 4330 7ff64b5c124b 4329->4330 4331 7ff64b5c2030 _handle_error 8 API calls 4330->4331 4332 7ff64b5c125d 4331->4332 4332->4219 4334 7ff64b5c1796 GetClassLongPtrW 4333->4334 4335 7ff64b5c178d EnterCriticalSection 4333->4335 4336 7ff64b5c17be GetWindowLongPtrW SetWindowLongPtrW 4334->4336 4337 7ff64b5c17aa GetClassLongPtrW 4334->4337 4335->4334 4338 7ff64b5c17e4 ShowWindow 4336->4338 4337->4336 4337->4338 4339 7ff64b5c1802 GetMessageW 4338->4339 4340 7ff64b5c17f7 
LeaveCriticalSection 4338->4340 4339->4243 4339->4244 4340->4339 4346 7ff64b5c53e0 GetLastError 4341->4346 4347 7ff64b5c5407 4346->4347 4348 7ff64b5c5402 4346->4348 4352 7ff64b5c540f SetLastError 4347->4352 4386 7ff64b5c80b8 4347->4386 4382 7ff64b5c8070 4348->4382 4356 7ff64b5c54ae 4352->4356 4357 7ff64b5c4e71 4352->4357 4360 7ff64b5c4e9c 32 API calls 4356->4360 4373 7ff64b5c4e9c 4357->4373 4358 7ff64b5c545b 4361 7ff64b5c80b8 _invalid_parameter_noinfo 6 API calls 4358->4361 4359 7ff64b5c544b 4362 7ff64b5c80b8 _invalid_parameter_noinfo 6 API calls 4359->4362 4363 7ff64b5c54b3 4360->4363 4364 7ff64b5c5463 4361->4364 4365 7ff64b5c5452 4362->4365 4366 7ff64b5c5479 4364->4366 4367 7ff64b5c5467 4364->4367 4398 7ff64b5c5bac 4365->4398 4404 7ff64b5c5184 4366->4404 4368 7ff64b5c80b8 _invalid_parameter_noinfo 6 API calls 4367->4368 4368->4365 4467 7ff64b5c855c 4373->4467 4409 7ff64b5c7db8 4382->4409 4387 7ff64b5c7db8 try_get_function 5 API calls 4386->4387 4388 7ff64b5c80e6 4387->4388 4389 7ff64b5c542a 4388->4389 4390 7ff64b5c80f8 TlsSetValue 4388->4390 4389->4352 4391 7ff64b5c5b34 4389->4391 4390->4389 4397 7ff64b5c5b45 _invalid_parameter_noinfo 4391->4397 4392 7ff64b5c5b96 4421 7ff64b5c5b14 4392->4421 4393 7ff64b5c5b7a RtlAllocateHeap 4394 7ff64b5c543d 4393->4394 4393->4397 4394->4358 4394->4359 4397->4392 4397->4393 4418 7ff64b5c84b0 4397->4418 4399 7ff64b5c5bb1 HeapFree 4398->4399 4403 7ff64b5c5be1 Concurrency::details::SchedulerProxy::DeleteThis 4398->4403 4400 7ff64b5c5bcc 4399->4400 4399->4403 4401 7ff64b5c5b14 _set_fmode 12 API calls 4400->4401 4402 7ff64b5c5bd1 GetLastError 4401->4402 4402->4403 4403->4352 4453 7ff64b5c505c 4404->4453 4410 7ff64b5c7e14 try_get_function 4409->4410 4415 7ff64b5c7e19 TlsGetValue 4409->4415 4411 7ff64b5c7e48 LoadLibraryExW 4410->4411 4414 7ff64b5c7efc 4410->4414 4410->4415 4416 7ff64b5c7ee1 FreeLibrary 4410->4416 4417 7ff64b5c7ea3 LoadLibraryExW 4410->4417 4411->4410 4412 7ff64b5c7e69 GetLastError 4411->4412 4412->4410 4413 7ff64b5c7f0a 
GetProcAddress 4413->4415 4414->4413 4414->4415 4416->4410 4417->4410 4424 7ff64b5c84e0 4418->4424 4430 7ff64b5c555c GetLastError 4421->4430 4423 7ff64b5c5b1d 4423->4394 4429 7ff64b5c6df8 EnterCriticalSection 4424->4429 4431 7ff64b5c557e 4430->4431 4432 7ff64b5c5583 4430->4432 4433 7ff64b5c8070 _invalid_parameter_noinfo 6 API calls 4431->4433 4434 7ff64b5c80b8 _invalid_parameter_noinfo 6 API calls 4432->4434 4436 7ff64b5c558b SetLastError 4432->4436 4433->4432 4435 7ff64b5c55a6 4434->4435 4435->4436 4438 7ff64b5c5b34 _invalid_parameter_noinfo 12 API calls 4435->4438 4436->4423 4439 7ff64b5c55b9 4438->4439 4440 7ff64b5c55d7 4439->4440 4441 7ff64b5c55c7 4439->4441 4442 7ff64b5c80b8 _invalid_parameter_noinfo 6 API calls 4440->4442 4443 7ff64b5c80b8 _invalid_parameter_noinfo 6 API calls 4441->4443 4444 7ff64b5c55df 4442->4444 4445 7ff64b5c55ce 4443->4445 4446 7ff64b5c55f5 4444->4446 4447 7ff64b5c55e3 4444->4447 4448 7ff64b5c5bac Concurrency::details::SchedulerProxy::DeleteThis 12 API calls 4445->4448 4450 7ff64b5c5184 _invalid_parameter_noinfo 12 API calls 4446->4450 4449 7ff64b5c80b8 _invalid_parameter_noinfo 6 API calls 4447->4449 4448->4436 4449->4445 4451 7ff64b5c55fd 4450->4451 4452 7ff64b5c5bac Concurrency::details::SchedulerProxy::DeleteThis 12 API calls 4451->4452 4452->4436 4465 7ff64b5c6df8 EnterCriticalSection 4453->4465 4501 7ff64b5c8514 4467->4501 4506 7ff64b5c6df8 EnterCriticalSection 4501->4506 4824 7ff64b5c304c 4831 7ff64b5c3318 4824->4831 4827 7ff64b5c3059 4843 7ff64b5c35fc 4831->4843 4834 7ff64b5c334c __vcrt_uninitialize_locks DeleteCriticalSection 4835 7ff64b5c3055 4834->4835 4835->4827 4836 7ff64b5c32ac 4835->4836 4848 7ff64b5c34d0 4836->4848 4844 7ff64b5c3384 __vcrt_InitializeCriticalSectionEx 5 API calls 4843->4844 4845 7ff64b5c3632 4844->4845 4846 7ff64b5c3647 InitializeCriticalSectionAndSpinCount 4845->4846 4847 7ff64b5c3330 4845->4847 4846->4847 4847->4834 4847->4835 4849 7ff64b5c3384 __vcrt_InitializeCriticalSectionEx 5 API calls 4848->4849 
4851 7ff64b5c34f5 TlsAlloc 4849->4851

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: CriticalSection$Leave$Enter$Window$ErrorLast$LongMessagePost$DestroyMetricsQuitSystemTimer$CurrentDebugInvalidateMoveObjectOutputProcRectStringThreadwsprintfwvsprintf
                                            • String ID: <%s$>%s$CMainWindow::OnCreate$GetObject failed for all bitmap handles$MoveWindow faild: %d$SetTimer failed: %d$SetWindowLongPtr() falied: %d$SetWindowPos() failed: %d
                                            • API String ID: 1074739455-1942354906
                                            • Opcode ID: 9c169b81a30b71a2e70203ef4ac23eef797fd528649f4d857ed50efb3f967278
                                            • Instruction ID: 04839157de60cd6b0a90d513ecb9c4fea165a046999ff67012943de067d70f15
                                            • Opcode Fuzzy Hash: 9c169b81a30b71a2e70203ef4ac23eef797fd528649f4d857ed50efb3f967278
                                            • Instruction Fuzzy Hash: 05C15025A0D60282FA5DBF25E854279E372BF8DB80F085431DE6FC66B2DE3CE455A740
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: CriticalSection$CharEnterErrorLastModulePrevwsprintf$CreateCurrentDebugExitFileHandleImageInitializeLeaveLoadNameOutputProcessStringThreadWindowlstrcmplstrlenwvsprintf
                                            • String ID: --instance-id$<%s$>%s$CMainWindow::Create$Create failed$CreateTread() failed: %d$CreateWindowEx failed: %d$instance id: %s
                                            • API String ID: 225778055-1753640535
                                            • Opcode ID: 6981961d585fcb9fb04ab6018041c0218b83c7c0f12b4f25d215768af4e111f3
                                            • Instruction ID: 4244b2a5bea131ea0cd869f9c66ed2a12258e31aee5ffad499eb9693b31a8321
                                            • Opcode Fuzzy Hash: 6981961d585fcb9fb04ab6018041c0218b83c7c0f12b4f25d215768af4e111f3
                                            • Instruction Fuzzy Hash: 25813D32A0CA4686E758FF20E8542B9B772FB98748F404035DA5ED26B6EF3CE559D700
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: CriticalSection$AllocCurrentDebugEnterLeaveLocalOutputStringThreadwsprintfwvsprintf
                                            • String ID: <%s$>%s$CMainWindow::KillThread$CreateEvent() failed: %d$Event Created$Event name: %s$Global\{BEA6EBFD-697A-48f3-B5CC-E2DD3991EAEB}ProgressFeedback-%s$Global\{BEA6EBFD-697A-48f3-B5CC-E2DD3991EAEB}ProgressFeedback-%sready$Invalid kill thread parameter$Wait timed out$WaitForSingleObject() failed:%d$starting wait$wait abndoned
                                            • API String ID: 2014433716-2176677318
                                            • Opcode ID: 7396161e7e3af03fcab830b8701761ea0621079be12aa126553b23758858bd22
                                            • Instruction ID: 12e961c321387dd2834b2309cec6ea5aa27f7154bd7e0986a731d51359feb9e1
                                            • Opcode Fuzzy Hash: 7396161e7e3af03fcab830b8701761ea0621079be12aa126553b23758858bd22
                                            • Instruction Fuzzy Hash: 36614D21A0CA4682EA5DBF15E854179E3B2FF4DB80F445431CA6EC66F2EE3CE559E300
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: CriticalSection$CharErrorLastLoadModulePrevwsprintf$BrushClassColorCurrentCursorDebugEnterFileHandleImageInitializeLeaveNameOutputRegisterStringThreadlstrcmplstrlenwvsprintf
                                            • String ID: %sspinner-%d.bmp$<%s$>%s$CMainWindow::CMainWindow$LoadImage failed: %d$P$RegisterClassEx failed: %d$image %s$spinner-window
                                            • API String ID: 2769204049-53790635
                                            • Opcode ID: 32ab536efcd0fd246673f988deaaeac071d630e62842ac2c00ac0a516a0960bf
                                            • Instruction ID: d2b28f307936c7cdff46e84202cd4115078f665ddcf9f0d77fb1c413d33f4f79
                                            • Opcode Fuzzy Hash: 32ab536efcd0fd246673f988deaaeac071d630e62842ac2c00ac0a516a0960bf
                                            • Instruction Fuzzy Hash: B9616F32A1CB4286EB55BF24E8402A9B3B6FB48784F501036DA5EC3AB5EF3CD556D700
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: __scrt_fastfail$__scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                            • String ID:
                                            • API String ID: 2735655165-0
                                            • Opcode ID: 7b117cd8d0e4dd04dec497475a1937fdd92f31bd1a51a755c026c184f162b4f5
                                            • Instruction ID: 43ca01a3c12a3b7915f801f424fe06cda42ba32e13f495194372635d41d84ab2
                                            • Opcode Fuzzy Hash: 7b117cd8d0e4dd04dec497475a1937fdd92f31bd1a51a755c026c184f162b4f5
                                            • Instruction Fuzzy Hash: D5314A21E0C24746FE2CBF64E4512B992B39F49744F445034EA6EC76F7DE6EA445D600
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: Long$Window$ClassCriticalSection$EnterLeaveShow
                                            • String ID:
                                            • API String ID: 1137199466-0
                                            • Opcode ID: 98a005f196e51397c70fde0aa206f802acc04033d73074afa53a1bb72023cf30
                                            • Instruction ID: 577dea928c8d6c0e142284b944a064dfb1d95e0970203bc9a3486c2d5825bc14
                                            • Opcode Fuzzy Hash: 98a005f196e51397c70fde0aa206f802acc04033d73074afa53a1bb72023cf30
                                            • Instruction Fuzzy Hash: 85112125719B4193EA48BF25E540028E3B2FF8CB907185231DE2EC3BB5DF78E4619200
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: CurrentDebugOutputStringThreadwsprintfwvsprintf
                                            • String ID: SPN(%4x):
                                            • API String ID: 2420020820-2851840919
                                            • Opcode ID: 8b6722230508bc586e7b491e7bcd52ca5d40f7d9913d510e771338171ffa7b0e
                                            • Instruction ID: 8dff70f849c791e58b658cdf7df0f171b49d9397914af86d25a106dfce128188
                                            • Opcode Fuzzy Hash: 8b6722230508bc586e7b491e7bcd52ca5d40f7d9913d510e771338171ffa7b0e
                                            • Instruction Fuzzy Hash: 080100A261CA8691EB24EF10F4503AAB371FB9C748F805135E69D826A6DF3CD215DB44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: CurrentDebugOutputStringThreadwsprintfwvsprintf
                                            • String ID: SPN(%4x):
                                            • API String ID: 2420020820-2851840919
                                            • Opcode ID: 993c8befe3ba5b5539b829e5e1df42d60eeb429c6feea18851e8e27ee4f1bfe2
                                            • Instruction ID: 9aed9f10beb02b9ed9352983f20ef75e3a47601d809d3fbdf014a3e92313e690
                                            • Opcode Fuzzy Hash: 993c8befe3ba5b5539b829e5e1df42d60eeb429c6feea18851e8e27ee4f1bfe2
                                            • Instruction Fuzzy Hash: EB012D6261CA8681EA24BF10F4503AAB3B1FB9CB84F408131D9DD826A6DF3CD245DF80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            • Opcode ID: 780d7e2ebe68895f076cab3b21a6c88ed8b56a1a73af963089b0d6072a48b504
                                            • Instruction ID: a2151941bc40da04db8d969fb132f7ba7b8868b164deb26a2c860a6724cb5049
                                            • Opcode Fuzzy Hash: 780d7e2ebe68895f076cab3b21a6c88ed8b56a1a73af963089b0d6072a48b504
                                            • Instruction Fuzzy Hash: 87119D32A1C68282F319BF14E44013AE3B6EB48740F554535E6AD97AB3CF3CF8118B00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF64B5C55B9,?,?,?,00007FF64B5C5B1D,?,?,?,?,00007FF64B5C4750), ref: 00007FF64B5C5B89
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: e505294170302db8fb6c0d073c0179a88bec0c645ebd96b62d2110f335907f0f
                                            • Instruction ID: f4b9091c9c49f79a4db117c70263cd59981e020002030cb141449bc5cdbd6294
                                            • Opcode Fuzzy Hash: e505294170302db8fb6c0d073c0179a88bec0c645ebd96b62d2110f335907f0f
                                            • Instruction Fuzzy Hash: E8F0E754B0D60741FE5C7EA6E9523B5D6B65F8CB88F4C4430CA2FC62E3EE2CA4818220
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            • Opcode ID: 746be48d61775bcd497bf0d46f3589b2976150b60a7e09522b998870a93c3875
                                            • Instruction ID: c33759a72aba58cc7d81e8f01b064be50163ea7ba9c71998807e62bd751a9929
                                            • Opcode Fuzzy Hash: 746be48d61775bcd497bf0d46f3589b2976150b60a7e09522b998870a93c3875
                                            • Instruction Fuzzy Hash: 13A1B562A1C68141EA58FFA1E4051BAE3B2FB4CBD4F544131EE6E87BA6DF7CD4458300
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                            • String ID:
                                            • API String ID: 1239891234-0
                                            • Opcode ID: 21c38abb5e9e71821e1777778f4679ee9a89b0b8436045377953677ee64cb999
                                            • Instruction ID: 92d4ec2688b49a000730cb90d085086ba9e872c39753196431d1a73bc08312c0
                                            • Opcode Fuzzy Hash: 21c38abb5e9e71821e1777778f4679ee9a89b0b8436045377953677ee64cb999
                                            • Instruction Fuzzy Hash: 06317336618F8186DB64EF25E8402AEB3B5FB88754F500135EAAD83BA6DF3CD145CB00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastWrite$ConsoleOutput
                                            • String ID:
                                            • API String ID: 1443284424-0
                                            • Opcode ID: 3e65b98c6ca53a673d5b016654be2cece4e48838fb5caeb8a78896c582267466
                                            • Instruction ID: 9522ca945e3a6d765a706c24c316e5f22eac9dad3a94abcc1221d11b85947a83
                                            • Opcode Fuzzy Hash: 3e65b98c6ca53a673d5b016654be2cece4e48838fb5caeb8a78896c582267466
                                            • Instruction Fuzzy Hash: 22E10272B1C6819AE705EF64D0401EDBBB2FB49788F144132DE6E97BAADE38D516C700
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: HeapProcess
                                            • String ID:
                                            • API String ID: 54951025-0
                                            • Opcode ID: ce0e392ddb84eacdc24679b21d8220c5d9040599a27fc9bfe54731247e329ded
                                            • Instruction ID: 10f2516e555ff1a4f39c715e61d3a27c9c29932461091b7e7fe5204de83fb472
                                            • Opcode Fuzzy Hash: ce0e392ddb84eacdc24679b21d8220c5d9040599a27fc9bfe54731247e329ded
                                            • Instruction Fuzzy Hash: 03B09B14E0B606C1D54D3F55ACC111492697F4C710F954034C01CD1371ED3C11E66700
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3de07e5d23413e2b16a77e3022cd2045827cf55879644d11f04a61fa0c1aaa0a
                                            • Instruction ID: d69f50a7d35ea2cb526269b7a9fe0c255c9e65e3489f1fe368f681d5c80bb7c0
                                            • Opcode Fuzzy Hash: 3de07e5d23413e2b16a77e3022cd2045827cf55879644d11f04a61fa0c1aaa0a
                                            • Instruction Fuzzy Hash: 91F04471619255CADBA8BF2DF44362977D4E748381B908179D69DC7A64DE3C90508F04
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c18191a2f1d9e0511da2a23fccbf23045ee44581ecf563efb9fb5a883631d480
                                            • Instruction ID: a325241dd57a7c73b8c2fadfce34f5735aeb80ae4212cb0d9fb807cbc92ff23d
                                            • Opcode Fuzzy Hash: c18191a2f1d9e0511da2a23fccbf23045ee44581ecf563efb9fb5a883631d480
                                            • Instruction Fuzzy Hash: 33A001A690D806E0EA88BF00E850020A236AB98700B401131D02DC10B69E6DA480A640
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: Object$PaintSelect$BeginCompatibleCreateDelete
                                            • String ID:
                                            • API String ID: 3224892679-3916222277
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF64B5C3632,?,?,?,00007FF64B5C3330,?,?,?,?,00007FF64B5C3055), ref: 00007FF64B5C3407
                                            • GetLastError.KERNEL32(?,?,?,00007FF64B5C3632,?,?,?,00007FF64B5C3330,?,?,?,?,00007FF64B5C3055), ref: 00007FF64B5C3415
                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF64B5C3632,?,?,?,00007FF64B5C3330,?,?,?,?,00007FF64B5C3055), ref: 00007FF64B5C343F
                                            • FreeLibrary.KERNEL32(?,?,?,00007FF64B5C3632,?,?,?,00007FF64B5C3330,?,?,?,?,00007FF64B5C3055), ref: 00007FF64B5C3485
                                            • GetProcAddress.KERNEL32(?,?,?,00007FF64B5C3632,?,?,?,00007FF64B5C3330,?,?,?,?,00007FF64B5C3055), ref: 00007FF64B5C3491
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                            • String ID: api-ms-
                                            • API String ID: 2559590344-2084034818
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                            • String ID: CONOUT$
                                            • API String ID: 3230265001-3130406586
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF64B5CA266
                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00007FF64B5CA1E3,00000000,?,?,00007FF64B5C8A3F), ref: 00007FF64B5CA324
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00007FF64B5CA1E3,00000000,?,?,00007FF64B5C8A3F), ref: 00007FF64B5CA3AE
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2210144848-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: _set_statfp
                                            • String ID:
                                            • API String ID: 1156100317-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: Info
                                            • String ID: $
                                            • API String ID: 1807457897-227171996
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF64B5C3FBE
                                              • Part of subcall function 00007FF64B5C5BAC: HeapFree.KERNEL32(?,?,?,00007FF64B5C7634,?,?,?,00007FF64B5C7677,?,?,?,00007FF64B5C7C00,?,?,?,00007FF64B5C7B33), ref: 00007FF64B5C5BC2
                                              • Part of subcall function 00007FF64B5C5BAC: GetLastError.KERNEL32(?,?,?,00007FF64B5C7634,?,?,?,00007FF64B5C7677,?,?,?,00007FF64B5C7C00,?,?,?,00007FF64B5C7B33), ref: 00007FF64B5C5BD4
                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF64B5C20B5), ref: 00007FF64B5C3FDC
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe, xrefs: 00007FF64B5C3FCA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                            • String ID: C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe
                                            • API String ID: 3580290477-3587108381
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastWrite
                                            • String ID: U
                                            • API String ID: 442123175-4171548499
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: Stringtry_get_function
                                            • String ID: LCMapStringEx
                                            • API String ID: 2588686239-3893581201
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpintry_get_function
                                            • String ID: InitializeCriticalSectionEx
                                            • API String ID: 539475747-3084827643
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • try_get_function.LIBVCRUNTIME ref: 00007FF64B5C80E1
                                            • TlsSetValue.KERNEL32(?,?,?,00007FF64B5C55A6,?,?,?,00007FF64B5C5B1D,?,?,?,?,00007FF64B5C4750), ref: 00007FF64B5C80F8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.1659467897.00007FF64B5C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF64B5C0000, based on PE: true
                                            • Associated: 00000003.00000002.1659450925.00007FF64B5C0000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659485287.00007FF64B5CD000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659504286.00007FF64B5D7000.00000004.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5D9000.00000002.00000001.01000000.00000007.sdmp
                                            • Associated: 00000003.00000002.1659521724.00007FF64B5DB000.00000002.00000001.01000000.00000007.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_7ff64b5c0000_spinner.jbxd
                                            Similarity
                                            • API ID: Valuetry_get_function
                                            • String ID: FlsSetValue
                                            • API String ID: 738293619-3750699315
                                            Uniqueness

                                            Uniqueness Score: -1.00%